[House Hearing, 106 Congress]
[From the U.S. Government Publishing Office]
THE ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT
=======================================================================
HEARING
before the
SUBCOMMITTEE ON TELECOMMUNICATIONS,
TRADE, AND CONSUMER PROTECTION
of the
COMMITTEE ON COMMERCE
HOUSE OF REPRESENTATIVES
ONE HUNDRED SIXTH CONGRESS
FIRST SESSION
on
H.R. 1714
__________
JUNE 9, 1999
__________
Serial No. 106-32
__________
Printed for the use of the Committee on Commerce
U.S. GOVERNMENT PRINTING OFFICE
57-447 CC WASHINGTON : 1999
------------------------------------------------------------------------------
For sale by the U.S. Government Printing Office
Superintendent of Documents, Congressional Sales Office, Washington, DC 20402
------------------------------
COMMITTEE ON COMMERCE
TOM BLILEY, Virginia, Chairman
W.J. ``BILLY'' TAUZIN, Louisiana JOHN D. DINGELL, Michigan
MICHAEL G. OXLEY, Ohio HENRY A. WAXMAN, California
MICHAEL BILIRAKIS, Florida EDWARD J. MARKEY, Massachusetts
JOE BARTON, Texas RALPH M. HALL, Texas
FRED UPTON, Michigan RICK BOUCHER, Virginia
CLIFF STEARNS, Florida EDOLPHUS TOWNS, New York
PAUL E. GILLMOR, Ohio FRANK PALLONE, Jr., New Jersey
Vice Chairman SHERROD BROWN, Ohio
JAMES C. GREENWOOD, Pennsylvania BART GORDON, Tennessee
CHRISTOPHER COX, California PETER DEUTSCH, Florida
NATHAN DEAL, Georgia BOBBY L. RUSH, Illinois
STEVE LARGENT, Oklahoma ANNA G. ESHOO, California
RICHARD BURR, North Carolina RON KLINK, Pennsylvania
BRIAN P. BILBRAY, California BART STUPAK, Michigan
ED WHITFIELD, Kentucky ELIOT L. ENGEL, New York
GREG GANSKE, Iowa THOMAS C. SAWYER, Ohio
CHARLIE NORWOOD, Georgia ALBERT R. WYNN, Maryland
TOM A. COBURN, Oklahoma GENE GREEN, Texas
RICK LAZIO, New York KAREN McCARTHY, Missouri
BARBARA CUBIN, Wyoming TED STRICKLAND, Ohio
JAMES E. ROGAN, California DIANA DeGETTE, Colorado
JOHN SHIMKUS, Illinois THOMAS M. BARRETT, Wisconsin
HEATHER WILSON, New Mexico BILL LUTHER, Minnesota
JOHN B. SHADEGG, Arizona LOIS CAPPS, California
CHARLES W. ``CHIP'' PICKERING,
Mississippi
VITO FOSSELLA, New York
ROY BLUNT, Missouri
ED BRYANT, Tennessee
ROBERT L. EHRLICH, Jr., Maryland
James E. Derderian, Chief of Staff
James D. Barnette, General Counsel
Reid P.F. Stuntz, Minority Staff Director and Chief Counsel
______
Subcommittee on Telecommunications, Trade, and Consumer Protection
W.J. ``BILLY'' TAUZIN, Louisiana, Chairman
MICHAEL G. OXLEY, Ohio, EDWARD J. MARKEY, Massachusetts
Vice Chairman RICK BOUCHER, Virginia
CLIFF STEARNS, Florida BART GORDON, Tennessee
PAUL E. GILLMOR, Ohio BOBBY L. RUSH, Illinois
CHRISTOPHER COX, California ANNA G. ESHOO, California
NATHAN DEAL, Georgia ELIOT L. ENGEL, New York
STEVE LARGENT, Oklahoma ALBERT R. WYNN, Maryland
BARBARA CUBIN, Wyoming BILL LUTHER, Minnesota
JAMES E. ROGAN, California RON KLINK, Pennsylvania
JOHN SHIMKUS, Illinois THOMAS C. SAWYER, Ohio
HEATHER WILSON, New Mexico GENE GREEN, Texas
CHARLES W. ``CHIP'' PICKERING, KAREN McCARTHY, Missouri
Mississippi JOHN D. DINGELL, Michigan,
VITO FOSSELLA, New York (Ex Officio)
ROY BLUNT, Missouri
ROBERT L. EHRLICH, Jr., Maryland
TOM BLILEY, Virginia,
(Ex Officio)
(ii)
C O N T E N T S
__________
Page
Testimony of:
Curtis, Christopher T., Associate General Counsel, Capital
One Financial Corporation.................................. 37
Engelberg, Ari, President and Founder of Stamps.Com,
Incorporated............................................... 32
Greenwood, Daniel, Deputy General Counsel, Information
Technology Division, Commonwealth of Massachusetts......... 26
Pincus, Andrew J., General Counsel, Department of Commerce... 10
Siedlarz, John E., President and Chief Executive Officer,
Iriscan, Incorporated, on behalf of the International
Biometric Industry Association............................. 35
Skogen, Jeffrey, Internet Market Manager, Ford Motor Credit
Company.................................................... 23
Upson, Donald W., Secretary of Technology, Commonwealth of
Virginia................................................... 19
Material submitted for the record by:
Business Software Alliance, prepared statement of............ 59
(iii)
THE ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT
----------
WEDNESDAY, JUNE 9, 1999
House of Representatives,
Committee on Commerce,
Subcommittee on Telecommunications,
Trade and Consumer Protection,
Washington, DC.
The subcommittee met, pursuant to notice, at 10 a.m., in
room 2123, Rayburn House Office Building, Hon. W.J. ``Billy''
Tauzin, (chairman) presiding.
Members present: Tauzin, Stearns, Gillmor, Deal, Largent,
Cubin, Shimkus, Ehrlich, Bliley (ex officio), Gordon, Rush,
Eshoo, Sawyer, Green, McCarthy, and Dingell (ex officio).
Staff present: Paul Scolese, professional staff member;
Mike O'Reilly, professional staff member; Ed Hearst, majority
counsel; Donn Salvosa, legislative clerk, and Andy Levin,
minority counsel.
Mr. Tauzin. The committee will please come to order.
A number of years ago, the ``New Yorker Magazine'' ran a
cartoon showing two dogs seated at a computer. One dog says to
the other, ``On the Internet, nobody knows you are a dog.''
That is also true, by the way, in some voter registration
systems in some of our States. I think there was a newspaper in
Lake Charles, Louisiana, that managed to register two dogs in
the Louisiana elections.
For the first few years of the Internet, that was true. You
really didn't know who was on the other end. However, with the
explosion in electronic commerce activities, a clear need has
developed for knowing who you are and who you are dealing with
online; especially now that online transactions are becoming
more and more complex. Many companies are currently at work
developing products and services that seek to electronically
authenticate parties to online transactions.
One hurdle the companies that are seeking to use the
electronic authentication face is the uncertain legality of
electronic signatures. States have begun to update laws to
address this problem. To date, 44 States have enacted some type
of electronic signature law. However, no two States have
adopted the same law. Therefore, the result is a patchwork of
State laws on the recognition of electronic signatures.
In my opinion, 40 of 50 different State standards will make
interstate commerce very difficult; if not in some cases
impossible. The subcommittee is aware that there is an effort
underway to create a uniform State electronic signature law.
Even under optimistic assumptions, adoption by all 50 States
will take 3 to 5 years. Now that may not seem like a long time.
But in the fast-changing world of electronic commerce, that is
nearly an eternity.
Today this subcommittee will be examining H.R. 1714, the
Electronic Signatures In Global and National Commerce Act, ``E-
SIGN.'' The goal of this act is to further promote the
development and growth of electronic commerce by clarifying the
legal status of electronic signatures and records. Contracts or
agreements cannot be invalidated solely because the agreement
or contract is in an electronic form, or has been signed
electronically. The legislation does recognize the efforts by
States, and allows States to enact their own legislation to
recognize electronic signatures and electronic records.
The efforts to create a uniform State electronic signatures
law, and the goal of H.R. 1714 are, therefore, in no way
incompatible. Rather, they are complementary in that they are
working toward a single, uniform standard.
Another important element of this legislation is that it
provides this sector of Commerce with guidance in promoting
American principles on electronic signature laws overseas. It
would clearly harm American interests to have foreign nations
enact laws that would, or could, discriminate against American
products and companies; or create closed systems that do not
recognize the technologies and systems used by American
companies. I think we only have to look at the controversy
surrounding the third-generation wireless standards to see how
important the international marketplace is.
We will be hearing from a panel of witnesses today that
will give us many perspectives on the issues of electronic
authentication, and on H.R. 1714 in particular. The panel
includes developers and users of these technologies, as well as
representatives from State governments and the administration.
H.R. 1714 is clearly the beginning of a process. I fully
anticipate that this committee will be working with Chairman
Bliley and all interested parties to work out a final bill that
will meet our goal of furthering the use of electronic
signatures and promoting electronic commerce. Additionally, we
look forward to hearing comments from our colleague from
Tennessee, Mr. Gordon, on the work that he has done on H.R.
1572, his Digital Signature Act of 1999, which I understand has
been referred to a different committee.
I thank you and look forward to hearing the testimony from
our distinguished panel.
The Chair is pleased to recognize the author of the
legislation, the Chairman of the full Commerce Committee, the
honorable gentleman from Richmond, Virginia, Mr. Tom Bliley.
Chairman Bliley. Thank you, Mr. Chairman. You know, I
represent a district in the Commonwealth of Virginia, better
known as the ``Internet Capital of the World.'' It is home to
Internet companies, both large and small. As a result, I have
the chance to talk with leading Internet business executives
and visit cutting-edge technology companies. Everywhere I go
and everyone I speak to tells me how important it is for
Congress to pass legislation that provides legal recognition to
electronic signature and electronic records.
While I am speaking of Virginia, I also want to welcome Don
Upson, the Secretary of Technology for Virginia. Virginia was
the first State in the Nation to create a cabinet-level
position for technology secretary. I think this clearly shows
the commitment by Governor Gilmore and others in the State to
promote the growth of electronic commerce and information
technology.
We saw the explosion of electronic commerce during last
year's Christmas shopping season--far in excess of all the
predictions. The pace has not let up. When many people think of
electronic commerce, they think of buying books or airplane
tickets. But recently, we have seen people starting to buy
automobiles; getting approved for mortgages; or investing their
retirement funds online--something we could not have imagined
just a few years ago.
As the value and complexity of online transactions grows,
the need for knowing that the transaction is legally binding
becomes even more important. That is where H.R. 1714, the
Electronic Signatures in Global and National Commerce Act,
comes in. By clearing away the legal uncertainties surrounding
electronic signatures and records, more businesses will use
electronic signatures and consumers will feel more comfortable
doing business online. The technologies used to create and
transmit electronic signatures also provides much greater
safety and security to online transactions.
As I have stated many times during last year's series of
hearings on electronic commerce, I want to see that the safety,
security, and privacy of online consumers is protected.
Encouraging businesses and consumers to use electronic
authentication will help to do just that. I believe that H.R.
1714 is the correct approach to creating a legal framework for
accepting electronic signatures and records.
The legislation lays out a single nationwide standards for
the acceptance of electronic signatures and electronic records.
We do not pick or choose a specific type of electronic
authentication; nor do we choose what types of businesses
should be allowed to offer electronic signature services. The
legislation also provides guidance to the Department of
Commerce in the their international negotiations on electronic
authentication. I believe that the principles laid out in this
bill, such as technological and business neutrality and market
leadership, should be promoted overseas. I do not want to see
foreign nations instituting electronic authentication regimes
that would discriminate against American manufacturers or
providers of electronic authentication technology.
H.R. 1714 also amends Federal securities law to provide for
the legal acceptance of electronic signatures and records. This
provision will be the subject of an upcoming legislative
hearing in Mike Oxley's subcommittee. I do want to recognize
the efforts that States have been making in this area. Today
more than 40 States, as the chairman has said, have enacted
legislation that provides recognition of electronic signatures.
My concern is that every law is different. Many only allow
State agencies to accept electronic signatures; and some
provide legal recognition only to signatures generated by a
specific technology.
It is clear that for unfettered interstate commerce to take
place, we must establish a single, nationwide standard. I
understand that a uniform State law on electronic signatures is
being developed. I believe H.R. 1714 recognizes this effort by
allowing States to enact their own electronic signature bills
that follow the principles laid out in H.R. 1714.
I look forward to hearing the comments and issues raised in
this hearing and the future hearings on H.R. 1714. I am hopeful
that we will move H.R. 1714 through the committee and to the
House floor before the end of the year. These hearings move far
down the road to having this bill signed into law.
Thank you, Mr. Chairman. I yield back the balance of my
time.
Mr. Tauzin. I thank the chairman for his statement and for
his extraordinary attention to the issues of electronic
commerce at this committee and other subcommittee levels. By
the way, I want to commend you, Mr. Chairman, for not seeking
to claim the invention of the Internet.
Chairman Bliley. We already have a claimant to that.
Mr. Tauzin. The Chair is now pleased to recognize the
gentlelady who has a been a leader for a long time in the
digital signature area, the gentlelady from California, Ms.
Eshoo.
Ms. Eshoo. Thank you very much, Mr. Chairman, for your kind
words, as well. This is an important hearing today. I am
delighted to not only be a part of it, but to welcome everyone
that is here to testify. We are discussing legislation in which
we and Congress are trying to prevent a revolutionary way of
business from being really strangled by outdated laws.
Specifically, this legislation updates the law by declaring
that electronic signatures will be deemed valid.
This legislation extends the principle of electronic
authentication we established last Congress, with the passage
of my legislation which was entitled, ``The Government
Paperwork Elimination Act.'' That law required the Federal
Government to accept electronic signatures. We are now seeking
to extend that advancement to the commercial world. This is
more than an appropriate step for the Congress to be taking.
The Internet has really introduced many new buzzwords into
our lexicon, our vocabulary, words like: ``browser,'' ``web
page,'' and ``e-mail.'' The newest term, of course, is ``e-
commerce.'' The projections for the growth of electronic
commerce and its effect on the global economy are indeed
staggering. Last year, shoppers spent an estimated $9 billion
buying products online. That is quite an eye-opener--$9
billion. Business-to-business electronic commerce was nearly
five times greater than in the consumer market, reaching $43
billion just last year. By the year 2003, Forester Research
predicts business-to-business electronic commerce will climb to
$1.3 trillion. At the Federal level, we understand these sums.
That would constitute nearly 10 percent of all U.S. business
trade.
Not only are the Fortune 500 companies taking advantage of
this new way of doing and transacting business; but it offers
an extraordinary opportunity to over 5 million small businesses
in our country. Not long ago, small businesses, like the
jewelry store that my father owned in Connecticut, were limited
to doing business in the community that they were located in.
Now with the web page and some creative marketing, a store in
Connecticut may be repairing watches sent all the way from my
district, Palo Alto, California. Or jewelry stores in
Connecticut may be selling their products to department stores
in California.
The electronic commerce bill I introduced and the bill
before us today are attempts to make sure our laws permit that
businesses in Connecticut and stores in California do business
by utilizing the latest form of electronic signatures. Both
bills aim to ensure that those conducting business online and
who chose to sign electronic contracts with electronic
signatures will be able to do so with legal certainty.
Many States have already passed legislation. The chairman
of our committee just iterated that in his comments before us.
They have passed legislation allowing for the acceptance.
Unfortunately, this has resulted in a confusing maze of State
laws that hamper interstate commerce. States have been working
on developing a uniform model law to create one standard for
acceptance of electronic signatures and contracts similar to
what the Uniform Commercial Code accomplished for contract law.
It is expected to be completed soon and offered to the 50 State
legislatures for adoption.
The bill I introduced and the one we are discussing today
bridge the gap from now until the fiftieth State has passed a
version of this model law by preempting the existing confusion
of multiple State laws. In fact, identical bipartisan
legislation of mine, introduced in the Senate, has already been
endorsed by State governments and industry, alike.
I am concerned in this particular area that the bill we are
discussing today has somewhat of a heavy hand in implementing a
2-year deadline on States, and would inappropriately give the
Secretary of Commerce the ability to enjoin State laws. So I
look forward to discussing with the panelists today their
impression of the section in question: section 102 of H.R.
1714.
I want to salute the chairman of our committee for his
broad and important interest in this area of electronic
commerce. I look forward to working with him and Chairman
Tauzin on improving this legislation so that it can, indeed, be
adopted in the 106th Congress, at a time when it really is
going to count the most. Thank you, Mr. Chairman. I yield back.
Mr. Tauzin. I thank the gentlelady. Indeed, the committee
is grateful to her for her pioneering work in this area and her
commitment to continue this process. The Chair is now pleased
to welcome and recognize the gentlelady, Ms. Cubin, for an
opening statement.
Mrs. Cubin. Thank you, Mr. Chairman. Thank you also for
holding this important legislative hearing on H.R. 1714, the
Electronic Signatures in Global and National Commerce Act, or
E-SIGN.
The commercial activity that takes place over the Internet
is staggering. It is growing rapidly. We are witnessing an
incredible expansion of business transactions over the network.
I am personally amazed at how much commercial activity was
conducted over this past Christmas season. You know, since I
like to shop, it was even better.
E-commerce moves us from making traditional face-to-face
purchases, of which we have all grown accustomed, to blindly
trusting a stranger at the other end of a computer screen to
responsibly and honestly carry out the transactions that we
want. H.R. 1714 will allow some semblance of trust when making
these blind transactions over the Internet. It will not only
bring some peace of mind to those of use who engage in e-
commerce; it will also promote growth and development of the
electronic commerce industry.
It is important the consumers be assured that there is
legal validity of contract or transaction that is made over the
Internet. I am a strong advocate for States' rights and
developing an environment where States can establish policy
that works best for each particular State. In the case of
electronic signatures, there are currently over 40 States that
have enacted some sort of legislation to recognize the validity
of electronic signatures. The problem, however, is that no two
States have an identical law. This makes it difficult to do
business transactions across State lines; and at the same time
ensure the legal validity of a contract where one State
recognizes it as being binding because is it was signed
electronically, rather than with a physical signature.
H.R. 1714 would establish a uniform, national framework for
the acceptance of electronic signatures and records. I support
the intent of Chairman Bliley's legislation, and I commend his
hard work in bringing this bill forward for discussion. I do
look forward to hearing from today's witnesses. I yield back
the balance of my time. Thank you, Mr. Chairman.
Mr. Tauzin. The Chair thanks the gentlelady from Wyoming.
The Chair would now recognize the gentleman from Tennessee, but
the gentleman from Michigan, the ranking minority member has
arrived. I wonder if the gentleman from Tennessee would allow
me to recognize him out of turn.
Mr. Gordon. Be happy to.
Mr. Tauzin. The gentleman from Michigan, the ranking member
of our full committee, Mr. Dingell, is recognized.
Mr. Dingell. Mr. Chairman, I thank you. I thank the
gentleman from Tennessee.
Mr. Chairman, I commend you for your holding this hearing.
This is an important matter. For centuries a legal contract was
not considered valid unless it was impressed with the seal of
the signer to prove its authenticity. More recently, China is
just beginning to move away from the idea that everything has
to be processed with a chop added to the document to establish
the authenticity of the document.
Just a few years ago, most of us would never have predicted
that a written signature on a sales contract would be obsolete,
but that situation appears to be coming upon us. As today's
business is conducted increasingly over the Internet and
through vast computer networks, the electronic signature is
becoming just as crucial for the smooth operation of commercial
law. In order for this new world of electronic commerce to take
shape, grow, and prosper, we must make sure that electronic
signatures are recognized as legal, secure, and binding.
Emerging technologies demand that our policies keep pace.
I congratulate Chairman Bliley for his efforts in this
area. His legislation, H.R. 1714, would make great strides in
furthering the use of electronic signatures in commerce. In
these goals he has my strong support. There is, however, one
area of this bill that causes me concern. While I agree that it
is useful at times to have a uniform national policy, we must
be careful not to impose our judgments on the States,
particularly at time when they, too, are actively studying
these same issues. In fact, I understand that a model State
code is currently under development. Many State legislatures
are likely to enact it in one form or another.
I believe that we should not interfere with their ability
to do so. We should enable the States and utilize the States
for the purposes of achieving a uniform national policy; but
allow the States to serve as a nursery for the development of
good, useful and new ideas. The States should have enough time
to fully evaluate this model code; then to write, debate, and
pass their own legislation. Unfortunately H.R. 1714, as
drafted, would limit to 2 years the period in which the States
would not be threatened by Federal preemption. I am afraid this
limitation may deny many States the opportunity to act on their
on behalf.
Again, I want to commend Chairman Bliley for his hard work.
But I want to recognize and commend, as well, my good friend
from California, Ms. Eshoo, for her strong commitment and
leadership in this issue.
I look forward to hearing from today's witnesses about how
we can develop a strong policy on electronic commerce, while at
the same time respecting the important role of the States. Mr.
Chairman, I thank you for your kindness to me this morning.
Mr. Tauzin. I thank the gentleman from Michigan. The Chair
is pleased now to recognize the gentleman from Tennessee, Mr.
Gordon, the author of the Digital Signature Act of 1999. Mr.
Gordon.
Mr. Gordon. Thank you, Mr. Chairman. My compliments for
having this hearing. My compliments to Chairman Bliley for
introducing this important bill. I want to be on record as
being supportive today.
I am going to poach a little time, if it is okay, to bring
up another collateral bill that I think is complementary. I
hope that we will have a chance to discuss it.
I first became interested in electronic signatures 2 years
ago, when the issue came up as part of the Computer Security
Enhancement Act of 1997. At that time, I was concerned about
how to encourage the widespread use of electronic signature
technologies essential to ensure consumer trust in electronic
commerce. In H.R. 1907, the computer enhancement bill that
passed the House, I inserted the provision that established a
national policy panel to address developing consensus on a
national electronic signature infrastructure.
Since then, with the leadership of my colleague and good
friend, Ms. Eshoo, Congress passed the Government Paperwork
Reduction Act, which requires Federal agencies to accommodate
electronic transactions by the year 2002. There have also been
a number of bills to deal with the legal status of electronic
signatures and electronic records. My concern for the last 2
years is how do we promote the widespread use of electronic
signatures by electronic commerce beyond the legal structure?
I introduced H.R. 1572, the Digital Signature Act of 1999,
with Science Committee Chairman Sensenbrenner, and Ranking
Member, George Brown. The bill directs NIST to develop
technology-neutral standards on interoperability to encourage
the effective use of electronic signature technology by the
Federal agencies, and encourages agencies to use off-the-shelf
commercial products and services. In addition, the bill
establishes a national working group under the Department of
Commerce to start working on other elements necessary to
encourage the widespread, everyday use of electronic signature
technology.
If electronic authentication systems are deployed by
agencies with little thought to interoperability, it will make
it harder--not easier--to conduct business electronically with
the Federal Government. We should ensure this is done in a
coordinated, technologically neutral way that promotes
interoperability and encourages agencies to commercial, off-
the=shelf products and services.
In a recent ``Federal Technology Week'' article, Tony
Trinkle, the Director of Electronic Services at the Social
Security Administration, said the following, ``The bill moves
the debate about standards in the right direction, especially
at a time when agencies are trying to comply with the GPEA
passed last year. The OMB guidelines do not provide much
additional help for agencies trying to choose an electronic
infrastructure in a growing market.''
These same concerns are what prompted me to introduce the
bill. Many of our international trading partners recognize the
importance of electronic authentication for electronic
commerce, and are already working on national electronic
signature infrastructures to facilitate the widespread use of
electronic signatures. My bill would address this critical
challenge by establishing a national working group with
industry, States, and other stakeholders to start to develop
consensus for this country. This would not only encourage
electronic commerce, but will also enhance our position in the
world market.
Again, Mr. Chairman, thank you for allowing me to bring in
some collateral issues. I am supportive of this bill you have
before us today.
Mr. Tauzin. The Chair thanks the gentleman. Does any other
member desire to make an opening statement? Mr. Sawyer? Mr.
Deal?
The Chair is pleased, now, to ask unanimous consent that
all members be permitted time to introduce into the record
written opening statements. Without objection, so ordered.
[Additional statements submitted for the record folow:]
Prepared Statement of Hon. Michael G. Oxley, a Representative in
Congress from the State of Ohio
The E-SIGN legislation we consider today represents an important
advance of law in the electronic age. Since $32 billion changed hands
in electronic commerce last year, it's time we act.
We need a federal law to overlay the patchwork quilt of 40 state
laws that now govern. E-commerce businesses need that legal certainty,
and their customers do, as well.
This legislation has a number of features that should commend it to
this committee.
It maintains the important concept of technology neutrality. It
applies to all businesses, regardless of their product lines or sizes.
It allows the parties to choose what kind of technology they want to
use in making their electronic agreements.
And, it has an international section so that we can promote our
principles overseas as the global standard.
All state contract law remains intact, with the only change being
the federal overlay of the digital signature law. All anti-forgery and
anti-fraud law would remain in place without change.
This change will begin to save unnecessary costs and time wasted
while paper signatures cross the country through the mail.
E-commerce is booming, and this legislation will support that
healthy growth by offering efficiency to businesses and convenience to
customers.
Thanks to Chairman Bliley for crafting this legislation. I look
forward to conducting another hearing on this bill in the Finance and
Hazardous Materials Subcommittee later this month.
______
Prepared Statement of Hon. Thomas C. Sawyer, a Representative in
Congress from the State of Ohio
Thank you Mr. Chairman for holding this legislative hearing this
morning on H.R. 1714, the Electronic Signatures in Global and National
Commerce Act. I also want to thank our witnesses for coming to share
their views on this legislation.
A few years ago, a lot of attention was focused on the use of the
Internet as a means for expression and communication. We have seen the
effects it has on the way students, teachers and everyday citizens
share and use information. Similarly, in a relatively short period of
time, the Internet has grown in importance as a major tool for
conducting commerce. It has profoundly reshaped the traditional ways in
which business is conducted both domestically and internationally.
Therefore, it should come as no surprise that there would be increasing
demands for more innovative and efficient ways for completing
electronic commerce transactions using digital signatures or some other
personal authentication devices, that are legally binding, without ever
leaving the confines of your computer room. We have become a society
that looks for and that wants convenience.
Today, our witnesses will testify on the merits of H.R. 1714. The
intent of the legislation is to provide uniform national standards with
respect to electronic signatures and their authentication because, for
the most part, each state has their own set of guidelines in place. I
would also like to thank Congresswoman Eshoo and Congressman Boucher
for introducing legislation in this area as well. Although their bills
differ from H.R. 1714, the underlying intent is the same. That is to
prevent personal transactions that are completed by electronic
signature mechanisms from being discriminated against because they were
not done in a traditional way.
H.R. 1714 contains two provisions that I hope to hear more about.
The first is that states will have two years in which to develop
alternative electronic signatures policies and procedures in order for
state statutes to supersede provisions within H.R. 1714. My concern is
that some state legislatures don't meet as often for legislative
business, in some cases once a year. The second issue is that the
legislation gives the Secretary of Commerce the ability to enjoin legal
proceedings if the Secretary believes state statutes violate the spirit
of this bill. I hope Mr. Pincus will be able to share his views on this
particular topic.
For the most part Mr. Chairman, I think this bill is a good piece
of legislation. Clearly, this new era of telecommunications has
affected the way we function as a society. We must be able to adapt to
the new technologies being deployed to continue addressing the needs of
our constituencies and to help further promote business.
Again, thank you Mr. Chairman for holding this hearing. I look
forward to our witnesses' testimony.
Mr. Tauzin. The Chair also wants to advise our
distinguished panel today that your written statements are
automatically part of our record. As I introduce you today I
would ask you to please summarize those statements in a
conversational fashion with us, by hitting the high points of
your testimony, so we can do it within the 5-minute rule; then
have time to enter into a dialog with you on your comments.
So we will begin by introducing this very distinguished
panel, beginning with Mr. Andy Pincus, the General Counsel for
the U.S. Department of Commerce. Mr. Pincus, you are now
recognized to make your opening statement.
STATEMENTS OF ANDREW J. PINCUS, GENERAL COUNSEL, DEPARTMENT OF
COMMERCE; DONALD W. UPSON, SECRETARY OF TECHNOLOGY,
COMMONWEALTH OF VIRGINIA; JEFFREY SKOGEN, INTERNET MARKET
MANAGER, FORD MOTOR CREDIT COMPANY; DANIEL GREENWOOD, DEPUTY
GENERAL COUNSEL, INFORMATION TECHNOLOGY DIVISION, COMMONWEALTH
OF MASSACHUSETTS; ARI ENGELBERG, PRESIDENT AND FOUNDER OF
STAMPS.COM, INCORPORATED; JOHN E. SIEDLARZ, PRESIDENT AND CHIEF
EXECUTIVE OFFICER, IRISCAN, INCORPORATED, ON BEHALF OF THE
INTERNATIONAL BIOMETRIC INDUSTRY ASSOCIATION; AND CHRISTOPHER
T. CURTIS, ASSOCIATE GENERAL COUNSEL, CAPITAL ONE FINANCIAL
CORPORATION
Mr. Pincus. Thank you, Mr. Chairman. I am honored to appear
before the subcommittee today.
As you and the other members of the subcommittee have
mentioned, the Internet is revolutionizing every aspect of
business, not just in our country, but throughout the world.
These developments require the attention of governments to
ensure that we are doing everything that we can to enable the
development of this important new medium of commerce.
Chairman Bliley, Mr. Dingell, you, Mr. Chairman, and the
other members of this committee clearly recognize this fact.
You have taken a leadership role in ensuring that our country
remains at the forefront in creating and exploiting the
possibilities of electronic commerce. As other countries begin
to recognize the potential of this new medium, we must continue
to lead the way, not just in the private sector where we
clearly are leading the way; but also in crafting the
appropriate policy framework for these new developments. As we
have in the past, the administration, and especially those of
us at the Commerce Department, look forward to working with you
on these important issues.
H.R. 1714 addresses a subject that is at the very core of
enabling electronic commerce. It is obvious that e-commerce
will grow only if parties' transactions over the Internet are
just as legally binding as their transactions in the physical
world. Although everyone hopes they will not have to end up in
court and hire a lawyer, they obviously want to be sure that
there is a way to hold the other party to the contract to their
obligations, in case something does go wrong.
There are basically, as we see it, two issues in
accomplishing this goal. First, eliminate statutory rules that
require paper contracts. We obviously have to be sure that
electronic agreements have the same legal status as paper
contracts. The second question is when and how does an
electronic contract become legally binding on the parties? In
the physical world, the general rule is that the party has to
manifest his or her intent to be bound. This can be done with a
written signature; but it can also be done with an ``X,'' or by
an exchange of telegrams or various other means by which a
court will conclude that there was an intent by both parties to
be bound by the contract.
In the online environment, we advocate the same approach.
There already are--and certainly, the way technology is
evolving, there will be even more in the future--different ways
to electronically sign a contract: everything from typing your
name at the end of an e-mail and sending it, to using very
sophisticated biometric or digital signature technology to
evidence one's intent to be bound.
The market is in a very, very early state of evolving. It
is clear that companies and individuals are using different
types of authentication technology for different kinds of
transactions, as they do in the physical world. We think it is
very, very important to let that evolution take place and let
the market continue to examine and test various forms of
signature technology. In fact, last week I was privileged to
participate in a workshop held in California by the OECD and
the private sector that spent 2 days hearing presentations from
various sectors--the manufacturing sector, the financial
sector--on the kinds of signature technologies and the
different business models that are being used to provide a
legal basis for agreement in those sectors.
I think that we are in agreement on the basic principles
that should govern the resolution of these two basic issues.
First, as I said, eliminate barriers, paper contract
requirements, and requirements of pen-and-ink signatures that
are relics of an earlier age. Ensure technological neutrality,
as several members of the subcommittee have said. It is very
important that any legal rules that are adopted allow all these
different technological approaches to have legal validity.
Finally, be sure that parties are free to agree upon a means of
authenticating their transactions; and if they do that, their
subsequent agreements that are authenticated in that manner
will be legally binding.
What we are seeing right now in electronic commerce is
those kinds of systems where parties--auto companies and their
suppliers, for example--set up an electronic structure for
engaging in electronic ordering and electronic contracting and
agree to use a particular technology for authentication. In
order to allow those kinds of--what has come now to be known
as--``closed systems'' to develop, we have to be sure that they
do create legally binding agreements.
We also agree that, as H.R. 1714 provides, there must be
considerable attention paid to promoting these principles
internationally. One of the most promising aspects of the
Internet is its ability to facilitate cross-border
transactions. It used to be that to be an exporter you had to
be a big company and have agents all around the world to hawk
your products. Now, all you need is a website and you will have
access to every market in the world. Of course, we need
international rules that will ensure that cross-border
contracts that are made as a result of that access actually are
legally enforceable.
As discussed in my written testimony, we have been working
very hard on this issue. It is certainly useful to be sure that
the entire U.S. Government, the administration, and the
Congress, make clear to the rest of the world that these basic
principles are important to us.
Domestically, as several members of the subcommittee have
mentioned, we also need rules that implement these principles.
This area of contract law has long been the province of the
States. Through the uniform law process, the National
Conference of Commissioners on Uniform State Laws has developed
the Uniform Electronic Transactions Act, as a number of the
members of the subcommittee mentioned; and plan to submit that
act for adoption to the States at the end of July.
If we could wave a wand and have all 50 States enact that
law, clearly the problem would be solved. We would have a very
strong basis in domestic law for electronic commerce that meets
all of our principles. There is concern, as you mentioned, Mr.
Chairman, about the speed by which the States will adopt this.
We don't think, right now, that there is evidence that the
absence of uniform law is obstructing the growth of e-commerce.
Although people have pointed to some differing laws, many of
those laws only relate to government transactions. A lot of the
States haven't spoken to the question of private commercial
transactions. Certainly, at some point it may become true that
the absence of a national standard is inhibiting domestic
commerce. We need to create an environment that will encourage
the States to move quickly to adopt the UETA. Our view is that
the States should be given a chance to do that. If there is not
quick action, it may then well be appropriate to establish some
Federal rule to fill the gap until the States have adopted that
measure.
Thank you very much, Mr. Chairman, I look forward to
answering the subcommittee's questions.
[The prepared statement of Andrew J. Pincus follows:]
Prepared Statement of Andrew J. Pincus, General Counsel, Department of
Commerce
Mr. Chairman, members of the Subcommittee, thank you for inviting
me to testify today about H.R. 1714, the ``Electronic Signatures in
Global and National Commerce Act.'' As suggested in your letter
inviting me to testify at this hearing, Mr. Chairman, my statement
addresses the Administration's views concerning only titles I and II of
the bill. Also, other agencies, including the Department of Justice,
are reviewing this legislation and may have additional comments or
concerns.
It is now an undeniable fact that the Internet is revolutionizing
every aspect of business, not just in our country, but throughout the
entire world. Although the amount of commerce conducted over the
Internet is small as a percentage of our total economy, it is growing
at a very rapid rate. In early 1998, experts estimated that Internet
retailing might reach $7 billion by the year 2000. In all likelihood,
this level was exceeded last year, and forecasters now project on-line
retail sales greater than $40 billion by 2002. Similarly, in last
year's Emerging Digital Economy Report, we noted that forecasters were
suggesting that electronic commerce might rise to $300 billion by 2002.
More forecasters now consider the estimate to be low, with Forrester
Research estimating that all electronic commerce (including business-
to-business activity) will rise to $1.3 trillion by 2003.
The Framework for Global Electronic Commerce issued by President
Clinton and Vice President Gore in July 1997 pointed out that ``[m]any
businesses and consumers are still wary of conducting extensive
business over the Internet because of the lack of a predictable legal
environment governing transactions.'' President Clinton directed
Secretary Daley to ``work with the private sector, State and local
governments, and foreign governments to support the development, both
domestically and internationally, of a uniform commercial legal
framework that recognizes, facilitates, and enforces electronic
transactions worldwide.'' The Framework identified several key
principles to guide the drafting of these legal rules:
parties should be free to order the contractual relationship
between themselves as they see fit;
rules should be technology-neutral (i.e., the rules should
neither require nor assume a particular technology) and forward
looking (i.e., the rules should not hinder the use or
development of technology in the future);
existing rules should be modified and new rules should be
adopted only as necessary or substantially desirable to support
the use of electronic technologies; and
the process should involve the high-tech commercial sector as
well as businesses that have not yet moved online.
The basic legal framework needed to enable electronic transactions
in a commercial context consists of two essential elements. First is
the elimination of statutory rules requiring paper contracts. There is
a broad consensus that--with the exception of a few specialized
agreements (wills and property deeds, for example)--parties' electronic
agreements should have the same legal status as paper agreements.
The second element involves when and how an electronic commercial
contract becomes legally binding on, and therefore enforceable in court
against, a person or entity that is a party to the contract. In the
off-line world, the key question is whether a party has manifested its
intent to be bound by the contract, which generally occurs through a
written record, and often, affixing a written signature to that written
record. A signature, however, often is not a legal requirement (for
example, a binding contract may be formed through an exchange of
telegrams). The issue is, how can we apply and use long-standing
commercial principles in connection with transactions in cyberspace?
As in the off-line world, there are a large variety of means by
which a party may electronically evidence his agreement to the terms of
a contract--what has come to be termed ``electronic authentication.''
He could type his name at the end of an e-mail message containing the
terms of the agreement. He could end the message with a previously
agreed-upon code-word. He could end the message with an electronic
facsimile of his written signature created by using an electronic
stylus. He could ``sign'' the message using some form of digital
signature technology. He could also ``sign'' the message using some
form of biometric technology. Moreover, the technology models are
evolving rapidly, and we will see further new technologies in the
future. The private sector today is using a variety of forms of
electronic authentication.
One other variable is important in understanding the legal
standards governing electronic authentication. When electronic commerce
was first beginning, some observers imagined a world in which everyone
would have a single, universal digital identifier that would be used to
authenticate each individual's electronic transactions. That would
enable each individual to surf the Internet and enter into transactions
with anyone he encountered, confident that the other party's digital
identifier provided a legally valid means of identifying that party in
the event the transaction ended up in court.
Although the future may see creation of both a market and the
infrastructure needed for such as system to authenticate transactions,
it does not exist now and is not likely to exist in the near term (and
probably not even in the medium term). Most of today's electronic
transactions occur in what are termed ``closed systems''--systems in
which parties that already are related in some manner conduct
electronic transactions with each other pursuant to a system that the
parties have agreed by contract or practice to utilize for that
purpose. This model is reflected in sectors as diverse as manufacturing
and banking and financial services where commercial parties establish
the technological approach they will rely on, as well as the rules by
which they will operate, assign risk and settle disputes. One example
is the effort by the three major U.S. auto makers to develop on a
unified basis a global system to tie product development together with
more than 15,000 suppliers operating around the world. This Automotive
Exchange Network will begin operating this fall. In a more traditional
vein, the international network by which credit transactions are
managed is predicated in large part on a series of agreements between
banks and retailers, and by users. And, as a further example, the
consortia of financial institutions that established Identrus enabled
companies to conduct worldwide trusted business-to-business electronic
commerce with any member of their network.
With this background, I would like to describe briefly what we in
the Commerce Department have been doing over the last two years to
carry out the President's directive to support creation of an
appropriate legal framework for electronic commerce.
State law has long supplied the basic standards governing private
commercial transactions within the United States. The National
Conference of Commissioners of Uniform State Law (NCCUSL) has been
working since early 1997 to adapt these legal standards to cyberspace
by drafting a new model ``Uniform Electronic Transactions Act'' (UETA)
to establish a predictable, minimalist framework to provide legal
recognition to both electronic records and electronic signatures. The
NCCUSL process involves broad consultation with legal experts and other
interested parties, and permits observers to attend and participate in
meetings of the drafting committees. As this Committee knows, NCCUSL's
primary task is to determine which areas of the law would benefit from
uniformity, and to write and recommend uniform laws to State
legislatures for enactment. NCCUSL has written more than 200 uniform
laws, including the Uniform Partnership Act, the Uniform Trade Secrets
Act, the Uniform Probate Code, the Uniform Limited Partnership Act, and
the well-known Uniform Commercial Code, a joint project with the
American Law Institute. I understand that the UETA will receive final
consideration at the NCCUSL Annual Meeting to be held at the end of
July. If, as expected, the UETA is finally approved, it will be
submitted to the States for adoption.
In our view, taking into account the principles that guide the
Administration's policy in this area, the current UETA draft will
provide an excellent domestic legal framework for electronic
transactions, as well as a strong model for the rest of the world. It
is enabling, not prescriptive, and also technologically neutral. We
hope that this measure will be adopted quickly by the States.
The Government Paperwork Elimination Act passed by Congress last
year addresses the appropriate balance to be struck by the Federal
Government in selecting technologies for use in its communications with
non-government entities and persons.
Let me turn to the international arena, where the situation is more
complicated, and where our efforts focus on ensuring that our
principles form the basis for enabling electronic commerce worldwide.
On the one hand, there is a broad consensus, reflected in the
UNCITRAL Model Law on Electronic Commerce adopted in 1996, that
communication of legally significant information in electronic form may
be hindered by legal obstacles to the use of such data, or by
uncertainty as to their legal effect or validity. The Model Law offers
a set of internationally acceptable rules as to how such legal
obstacles may be removed and a more secure legal environment may be
created to facilitate electronic commerce across national borders. We
are pleased that the U.S. efforts in the UETA are built on this
international consensus.
On the other hand, with respect to electronic authentication, at
least two different legal models are developing internationally. The
first is the model represented by the UETA and the UNCITRAL Model Law,
which eliminates barriers to electronic agreements and electronic
signatures but does not grant special legal status to any particular
type of authentication.
The second model provides for a greater degree of government
regulation of authentication services. It allows a government to create
a preference for one or more forms of electronic authentication by
establishing specific technical requirements for electronic signatures
and often providing a presumption that electronic contracts signed
using that methodology are legally binding. The European Union's
Electronic Signatures Directive, scheduled to be considered by the
Parliament this fall, follows this approach.
Since July 1997, we have been consulting with countries to
encourage their adoption of an approach to electronic authentication
that will assure parties that their transactions will be recognized and
enforced worldwide. Under this approach, countries would: (1) eliminate
paper-based legal barriers to electronic transactions by implementing
the relevant provisions of the 1996 UNCITRAL Model Law on Electronic
Commerce; (2) reaffirm the rights of parties to determine for
themselves the appropriate technological means of authenticating their
transactions; (3) ensure any party the opportunity to prove in court
that a particular authentication technique is sufficient to create a
legally binding agreement; and (4) state that governments should treat
technologies and providers of authentication services from other
countries in a non-discriminatory manner.
We have been successful in encouraging the adoption of this
approach in a variety of multilateral and bilateral contexts. In
October 1998, the OECD Ministers approved a Declaration on
Authentication for Electronic Commerce affirming these principles. In
addition, we negotiated joint statements affirming these principles
with several important trading partners, including France, Japan,
Korea, Ireland, Australia and the United Kingdom. Further, we have
asked UNCITRAL to consider a binding international convention on
electronic transactions that would embody these principles. (A copy of
this proposal is attached.)
Let me now turn to the provisions of H.R. 1714. Subsection (a) of
Title II requires the Secretary of Commerce, acting through the
Assistant Secretary for Communications and Information, within 90 days
of enactment, to complete a comprehensive inquiry to identify, among
other things, any domestic or foreign impediments to commerce in
electronic signature products and sources. This study would be updated
annually. Although such a study would provide useful information, we of
course do not have sufficient resources to examine for ourselves the
legal rules of every State and every country. If a study were
authorized, therefore, we would base our report upon information
obtained as a result of outreach to the private sector.
Title II also requires the Secretary of Commerce to promote
internationally the acceptance and use of electronic signatures in
accordance with principles spelled out in section 201(b)(2). As I have
discussed, we believe that the global nature of electronic commerce
mandates close consultation with other countries to ensure that the
legal standards for the formation of electronic contracts foster,
rather than obstruct, cross-border electronic transactions. We plan to
continue those efforts.
In general, the principles set forth in section 201(b)(2) are
consistent with those that we have espoused with respect to these
issues. We do have a few suggestions regarding the particular language
of this section.
First, we are concerned that section 201(b)(2)(C), dealing with the
autonomy of parties to electronic transactions, might be read to allow
government regulation of such transactions, because the modifier
``reasonable'' could be read to permit government second-guessing of
the parties' choice of authentication method. In addition, the
paragraph does not clearly state that agreed-upon authentication
measures must be given legal effect.
Second, because the fourth principle (section 201(b)(2)(D)) applies
only where there is an agreement among the parties, it does not
encompass the general principle that, even in the absence of an
agreement, electronic records and electronic signatures should as a
general matter have the same legal status as their paper equivalents.
Third, these principles apply with respect to the legal framework
established by governments for private commercial transactions. But
governments will also be making decisions concerning authentication
technology as market participants--for example in selecting the
particular technology to use in entering into government contracts
electronically or in providing various types of government benefits to
citizens. In that situation, governments will not be able to observe
the neutrality principle set forth in section 201(b)(2)(B), because
they will have to choose among competing authentication providers.
We would be happy to work with the Subcommittee on these and other
drafting issues. Also, because the Commerce Department's current
efforts with respect to these issues are led by the General Counsel's
office, with support from several bureaus within the Department in
addition to the National Telecommunications and Information
Administration (NTIA), we request that any responsibilities conferred
by the bill upon this agency be vested in the Secretary alone so that
he may organize the Department's implementation of the law in the most
effective and efficient manner possible.
Title I of the bill focuses on the domestic legal standards
governing electronic contracts. It appears to extend to both government
transactions (both Federal and State) and agreements between private
entities. For such agreements, section 101 requires that agreements and
signatures in electronic form be given the same legal effect as written
agreements and written signatures. It would also enable the parties to
establish ``reasonable requirements'' regarding the types of electronic
records and electronic signatures acceptable to them.
With respect to private commercial agreements, as I have discussed,
State law has long supplied the governing legal standards. Through the
NCCUSL process, our commercial law has been made consistent nationwide
and is the envy of the world. We believe that strong evidence of a
problem should be required before casting aside this tried and true
method for establishing the legal standards for commercial
transactions.
We do not believe that the case has been made for overriding this
State law process. Some have expressed concern about the current lack
of uniformity among the States on these issues, but they have not been
able to point to any real-world problems in this specific area that are
currently obstructing the development of electronic commerce. Rather,
the concern appears to be that at some point in the future, the absence
of uniform legal standards for electronic authentication will create a
problem.
The issuance of the UETA at the end of July responds directly to
this concern. The States will then have the basis to adopt uniform
rules. It is true that the State adoption process has in the past taken
a number of years, but there is considerable eagerness among the States
to foster the development of electronic commerce. Accordingly, there is
reason to believe that adoption of this measure may proceed at a
quicker-than-usual pace.
Of course, if the States do not act in a timely manner, problems
could well develop and then it would become necessary to use Federal
law to fill the gap created by less than unanimous enactment of the
UETA. But I believe it is appropriate to work with the NCCUSL process
to urge the States to act promptly and responsibly in this area, and to
give the States time to act--before creating a new regime of Federal
law.
Caution is also appropriate because enacting specific Federal rules
may be a cure that is worse than the disease. As the UETA is adopted by
the States, there may be disputes about the extent to which it
satisfies the Federal standard and the extent to which State law rules
left undisturbed by the UETA are nonetheless invalid under section 101
or saved by section 102(a). Although H.R. 1714 does not create a
private right of action, it presumably would permit any party in an
action to enforce (or invalidate) an electronic contract to argue that
section 101 overrides (or saves) the State law rules invoked by the
other party. Rather than creating uniformity and certainty, therefore,
Federal standards might compound the uncertainty over the governing
legal rules.
We also have concerns about section 102(c), which would empower and
require the Secretary of Commerce to bring actions to enjoin the
enforcement of State statutes, regulations or rules prohibited by this
Act. As a practical matter, the simple availability of this injunctive
authority could undermine confidence in the validity of States' laws
and regulations affecting electronic commerce, and significant use of
this authority would cause additional uncertainty and delay in
clarifying both State and federal laws in this area.
Let me also mention some specific concerns about the language of
Title I.
First, section 101(b), which is designed to enable contractual
systems, is limited to ``reasonable'' requirements established by the
parties and therefore could lead to judicial second-guessing of the
validity of an authentication method chosen by the parties. The
provision also does not make clear that the type of electronic
signature chosen by the parties should be accorded legal effect (as
evidencing the intent of the parties to bind themselves to the terms of
the contract).
Second, although section 102(a) allows the States to supersede the
Federal rules, paragraph (a)(3) places a two-year time limit on their
authority to do so. Given the rapidly evolving nature of the Internet,
and of technology in general, we do not believe it would be appropriate
to limit the States' power in this manner.
Third, section 102(b)(4) bars the States from superseding section
101 in a manner that ``is otherwise inconsistent with the provisions of
section 101.'' Because any State measure that is preempted by section
101 would be inconsistent with that provision, this paragraph of
section 102(b) could be read to eliminate all State authority to
supersede section 101.
Fourth, H.R. 1714's definition of ``electronic signature'' (section
104(2)) combines two separate concepts--the identity of a party to the
transaction and that party's intention to be bound to the agreement, on
one hand, and the integrity of the document on the other hand. The UETA
separates these concepts (see the separate definitions of ``electronic
signature'' and ``security procedure''). This separation is important
because, for example, some methods of ``signing'' do not, by
themselves, ensure the integrity of the document (but may rely on other
approaches for this function), and those technological methods would
appear not to receive protection under the bill's definition,
regardless of the intent of the parties.
Fifth, we are concerned about the effect of Title I on the ability
of the Federal Government, and of State governments, to choose
particular authentication methods for use in government contracting or
in distributing government benefits. In making those decisions, there
obviously will be rules, and perhaps statutes as well, that require the
use of certain types of electronic authentication in order for the
agreement to be binding. This problem could be solved by focusing Title
I on government steps to enable private transactions and excluding
government transactions from its scope.
Thank you Mr. Chairman. I would now be happy to answer any
questions you may have.
DRAFT INTERNATIONAL CONVENTION ON ELECTRONIC TRANSACTIONS
CHAPTER I:
Proposed Goal of Chapter I: To set forth any necessary definitions.
To be developed after Chapter II and III.
CHAPTER II:
Proposed Goal of Chapter II: In order to implement the legal rules
articulated in the second section, as set forth below, it may be
necessary for states to review their existing and proposed legislation
to assure that it is appropriately tailored to electronic transactions.
In order to facilitate such review and adoption on a harmonized basis,
the following general obligations are proposed as the framework states
should use to support electronic transactions on a global basis.
POSSIBLE LANGUAGE:
II. General Obligations
To encourage the free flow of electronic transactions and to avoid
the creation of barriers to these transactions, subject to overriding
public policy, the Contracting States hereby agree as follows:
Modification of Existing Rules and Minimal Adoption of New
Rules--States shall make only those changes to their laws that
are necessary to support the use of electronic transactions.
Existing rules should be modified and new rules adopted only in
cooperation with the private sector and where necessary.
Contracting States recognize that parties to a transaction may
determine the method of authentication for that transaction.
Recognizing that parties may make this determination and recognizing
that this determination should have the legal effect intended by the
parties, the Contracting States agree as follows:
Party Autonomy--Parties to a transaction should be permitted,
to the maximum extent possible, to determine by contract the
appropriate technological and business methods of
authentication with the assurance that those means will be
recognized as legally binding, whether or not those
technological and business means are specifically addressed by
legislation or regulation. The terms of any agreement
(including closed systems) between parties governing their
transaction should be enforced without regard to any statutory
framework governing electronic authentication.
Further, Contracting States recognize that cryptography is not the
sole means of proving the source or existence of a message. Recognizing
that parties may establish the source or existence of a message in
different ways, Contracting States agree as follows:
All Authentication Technologies and Business Methods May Be
Evidence of Authenticity--Where the law requires evidence of
the authenticity or integrity of a message, a party shall be
permitted to use any authentication technology or business
method, whether or not such authentication technology or
business method has been specifically addressed by legislation
or regulation.
Electronic Authentication methods should not be ``locked in''
through legislative fiat but rather should allow for changing
applications for existing and future technologies. Therefore, the
Contracting States agree that:
Technology Neutrality--Any rules should neither require nor
hinder the use or development of authentication technologies.
States should anticipate that authentication methods will
change over time and avoid legislation that might preclude
innovation or new applications. States should avoid laws that
intentionally or unintentionally drive the private sector to
adopt only one particular technology for electronic
authentication to the exclusion of other viable authentication
methods.
Authentication technologies may be implemented and used by
businesses in ways that were not originally envisaged when legislation
was passed. Recognizing that technology may be used for purposes such
as establishing age or authority, which may go beyond verifying
identity and achieving non-repudiation, and recognizing that business
models for authentication may not use third parties, the Contracting
States agree that:
Implementation Neutrality--Any rules should neither require
nor hinder the use or development of new or innovative business
applications or implementation models.
To remove barriers to the free flow of electronic transactions and
to avoid the creation of new barriers, subject to overriding public
policy, the Contracting States agree that:
Non-Discrimination--States shall accord to providers and users
of authentication technologies and business methods of another
state treatment no less favorable than it accords in like
circumstances to its own providers and users of authentication
technologies and business methods.
Avoid Unnecessary Barriers to Trade--States should enhance the
flow of cross-border electronic transactions and not create
unnecessary barriers to trade.
CHAPTER III:
Proposed Goal of Chapter III: To recognize the acceptability of
electronic signatures for legal and commercial purposes, define the
characteristics of a valid electronic writing and an original document,
support the admission of electronic evidence and the electronic
retention of records. These provisions would be drawn from the enabling
provisions of the UNCITRAL Model Law on Electronic Commerce.
POSSIBLE LANGUAGE:
III. Specific Obligations
Contracting States recognize the work of the United Nations
Commission on International Trade Law and the importance of
establishing its governing provisions on a uniform, international
basis. Contracting States also recognize information is increasingly
generated, stored, sent, received or otherwise processed
electronically, rather than in a paper based form. Recognizing these
important business practices, the Contracting States hereby agree on
the following:
Legal Recognition of Data Messages
Information shall not be denied legal effect, validity or
enforceability solely on the grounds that it is in the form of a
data message. [Source Model Law on Electronic Commerce Article 5]
Formation and Validity of Contracts
(1) In the context of contract formation, unless otherwise agreed by
the parties, an offer and the acceptance of an offer may be
expressed by means of data messages. Where a data message is
used in the formation of a contract, that contract shall not be
denied validity or enforceability on the sole ground that a
data message was used for that purpose.
(2) The provisions of this article do not apply to the following . .
. [limited exception]. [Source Model Law on Electronic Commerce
Article 11]
Contracting States recognize that the formal requirements that
currently exist under many legal regimes may constitute insurmountable
barriers to the conduct of electronic transactions on an international
basis. As a result, there is a paramount need for assuring that
electronically transmitted messages are allowed to satisfy these formal
requirements subject to overriding public policy. Therefore, the
Contracting States agree as follows:
Writing
(1) Where the law requires information to be in writing, that
requirement is met by a data message if the information
contained therein is accessible so as to be usable for
subsequent reference.
(2) Paragraph (1) applies whether the requirement therein is in the
form of an obligation or whether the law simply provides
consequences for the information not being in writing.
(3) The provisions of this article do not apply to the following . .
. [limited exception]. [Source: Model Law on Electronic
Commerce Article 6]
Signature
(1) Where the law requires a signature of a person, that requirement
is met in relation to a data message if:
(a) a method is used to identify that person and to indicate that
person's approval of the information contained in the data
message; and
(b) that method is as reliable as was appropriate for the purpose
for which the data message was generated or communicated,
in the light of all the circumstances, including any
relevant agreement.
(2) Paragraph (1) applies whether the requirement therein is in the
form of an obligation or whether the law simply provides
consequences for the absence of a signature.
(3) The provisions of this article do not apply to the following . .
. [limited exception]. [Source: Model Law on Electronic
Commerce Article 7]
Original
(1) Where the law requires information to be presented or retained in
its original form, that requirement is met by a data message
if:
(a) there exists a reliable assurance as to the integrity of the
information from the time when it was first generated in
its final form, as a data message or otherwise; and
(b) where it is required that information be presented, that
information is capable of being displayed to the person to
whom it is to be presented.
(2) Paragraph (1) applies whether the requirement therein is in the
form of an obligation or whether the law simply provides
consequences for the information not being in writing.
(3) For the purposes of subparagraph (a) of paragraph (1):
(a) the criteria for assessing integrity shall be whether the
information has remained complete and unaltered, apart from
the addition of any endorsement and any change which arises
in the normal course of communication, storage and display;
and
(b) the standard of reliability required shall be assessed in the
light of the purpose for which the information was
generated and in the light of all the relevant
circumstances.
(4) The provisions of this article do not apply to the following . .
. [limited exception]. [Source: Model Law on Electronic
Commerce Article 8]
The Contracting States recognize that the inability of parties to
prove the existence of electronic transactions in the event of dispute
and formal judicial proceedings may itself be an inhibition to the
conduct of electronic transactions. To assure the legal equivalence of
electronic documents with paper based ones, the Contracting States
agree that:
Admissibility and Evidential Weight of Data Messages
(1) In any legal proceedings, nothing in the application of the rules
of evidence shall apply so as to deny the admissibility of a
data message in evidence:
(a) on the sole ground that it is a data message; or,
(b) if it is the best evidence that the person adducing it could
reasonably be expected to obtain, on the grounds that it is
not in its original form.
(2) Information in the form of a data message shall be given due
evidential weight. In assessing the evidential weight of a data
message, regard shall be had to the reliability of the manner
in which the data message was generated, stored or
communicated, to the reliability of the manner in which the
integrity of the information was maintained, to the manner in
which its originator was identified, and to any other relevant
factor. [Source: Model Law on Electronic Commerce Article 9]
Contracting States further recognize that requirements for record
retention, which exist both as a matter of law and business practice,
may prove to be obstacles for electronic transactions. The Contracting
States agree, therefore, that:
Retention of Data Messages
(1) Where the law requires that certain documents, records or
information be retained, that requirement is met by retaining
data messages, provided that the following conditions are
satisfied:
(a) the information contained therein is accessible so as to be
usable for subsequent reference; and
(b) the data message is retained in the format in which it was
generated, sent or received, or in a format which can be
demonstrated to represent accurately the information
generated, sent or received; and
(c) such information, if any, is retained as enables the
identification of the origin and destination of a data
message and the date and time when it was sent or received.
(2) An obligation to retain documents, records or information in
accordance with paragraph (1) does not extend to any
information the sole purpose of which is to enable the message
to be sent or received.
(3) A person may satisfy these requirement referred to in paragraph
(1) by using the services of any other person, provided that
the conditions in subparagraphs (a), (b) and (c) of paragraph 1
are met. [Source: Model Law on Electronic Commerce Article 10]
Mr. Tauzin. Thank you very much, Mr. Pincus. I was just
thinking about how a handshake counts in some States, as well.
You go to Texas; that is as good as a signature.
The Chair is now pleased to welcome the Hon. Donald Upson,
the Secretary of Technology for the Commonwealth of Virginia,
who has already been welcomed by the chairman of the full
committee.
Secretary Upson, I might note that it would be good if you
had a conversation with the Secretary of Transportation. I
understand you had a little difficulty getting over here today.
Many of us do every morning, trying to get to work. We
appreciate and welcome your testimony.
STATEMENT OF DONALD W. UPSON
Mr. Upson. Thank you, Mr. Chairman. I apologize for being
late. I was stuck on 66. I am glad I am not the Secretary of
Transportation.
Mr. Chairman, Chairman Bliley, and members of the
committee, it is a special privilege to be here on behalf of
Governor Gilmore and the Commonwealth of Virginia, and for me
personally, to talk about this important legislation for two
reasons.
First, you may not know I spent 13 years up here, most of
which as Congressman Horton's staff director on government
operations. Second, I have often wondered what it would be like
to sit on this side of the table. Recalling some of your
investigations, I have often preferred not to. It is a special
privilege to be before this committee because I believe--and I
know Governor Gilmore believes--that in terms of the technology
environment for the United States, this committee has done far
more than the general population appreciates in terms of
setting that environment: the Telecommunications Act, the
Internet Tax Freedom Act, and now digital signatures.
I would like to suggest that from Virginia's point of view,
the action that you are taking in considering this legislation
focuses on digital signature. But is more important than that;
it is about commerce. It is about the United States and the
competitive advantage we have in an electronic world. The
legislation, in our point of view, reflects the U.S. global
framework on Internet policy, which we endorse and include as
part of our comprehensive Internet proposal. We focused upon
the framework established at the Federal level, which generally
suggested that the private sector should continue to lead. We
should be very careful about imposing standards and
restrictions on a medium that has just grown incredibly fast on
its own and developed its own uniformity through market forces.
I am here to speak in support of H.R. 1714. First, it keeps
the United States moving forward in terms of our competitive
advantage by stating that where signatures are required in
legally binding instruments, electronic signatures will satisfy
that requirement. On the other hand, you give the contracting
parties and the States the flexibility to enact standards
amongst themselves that satisfy that basic fundamental
requirement. This is important, we believe, for a significant
reason; and that is if we impose technology standards, all of
us know how quickly that technology changes. There are
different levels of authentication required for different kinds
of transactions. So I applaud the flexibility provided.
In Virginia, I would like to say these same principles
guided the formulation of our current law on electronic
signatures. Our law, simply stated, establishes the following;
first, where any Virginia law requires a signature, or provides
for certain consequences in the absence of a signature, that
law is satisfied by an electronic signature. Second, electronic
signatures must meet certain functional requirements. They must
be unique to the signer; capable of verification; under the
signer's sole control; linked to the record in such a manner
that it can be determined that any data contained in the record
was changed subsequent to the electronic signature being
affixed; and created by a method appropriately reliable for the
purposes for which the electronic signature was used.
We in the Commonwealth believe that our approach to
electronic signature legislation allows the private sector to
lead; avoids undue restrictions on electronic commerce; and
establishes a simple, yet enforceable set of functional
requirements. That is what I think the legislation that you are
considering before this committee does. I think it complements
what is the beauty of this medium and the electronic
environment. It is doing fine on its own; but the government,
being an enabler--and not an imposer or an impeder--is
important. I think it is reflective of the work in this
legislation.
[The prepared statement of Donald W. Upson follows:]
Prepared Statement of Hon. Donald W. Upson, Secretary of Technology,
Commonwealth of Virginia
Mr. Chairman and members of the Subcommittee, good morning. On
behalf of Governor Gilmore and the Commonwealth of Virginia, I extend
my appreciation for the opportunity to address members of Congress
regarding the important topic of electronic commerce and, more
specifically, the issue of electronic signatures.
Electronic commerce over the Internet is a centerpiece of the
global information revolution. Virginia is the Internet capital of the
world. In addition to being the birthplace of the Internet, almost half
of the Internet backbone is in Virginia and nearly half of all online
service subscribers are served by companies located in the
Commonwealth. Accordingly, Virginia has taken the lead in establishing
model policies that empower her citizens to reap the full benefit of
technological opportunities like electronic commerce.
Because citizens are going on-line at an ever-increasing rate,
electronic commerce is at once global, national and local in both scope
and impact. Sound policy, at both the national and local level is
essential for both the Internet and on-line commerce to reach their
full potential. It is our hope that intelligent local policy will flow
smoothly into sound federal policy, which in turn will cascade into a
sensible global policy. However, inappropriate policy can be
detrimental. I think this point is best illustrated by a quote from
Governor Gilmore, who said, ``Government can act in ways that will
enhance this new technology, speed its development and growth, and
encourage the fulfillment of its potential to improve our lives. Just
as surely, it can erect roadblocks to progress that result in new ideas
being left to atrophy and the stream of progress slowing to a stagnant
pool.''
We believe that the Commonwealth of Virginia is crafting the right
local policy for Internet based commerce, a model of government
facilitation of responsible industry and citizenry empowerment. Unlike
other mediums, the Internet allows for an unprecedented amount of
choice and control over use of the medium. Technology and market-based
solutions can and should be used to address many of the concerns that
have been brought on by technology and the market itself.
These solutions should be encouraged because they have the
potential to exceed the effectiveness of traditional legal approaches.
They are fueled by competition for ``consumer satisfaction,'' which is
at the heart of every business plan. As the profit motive drives
companies to compete to provide better customer experience, it also
sets off a race for better protections than traditional regulations
would be likely to achieve. Whenever such traditional regulatory
schemes are unavoidable, however, (i.e. where technology and market-
based programs have been ineffective) we in the Commonwealth believe
they should focus only on the responsible empowerment of citizens and
industry.
Once again, our approach to electronic commerce in Virginia, to
include electronic signatures, has not been the traditional ``top-
down'' model that provides solutions dictated by government to
industry, but more of a partnership with all the individuals and groups
that have an interest in the creation of technology policy. Governor
Gilmore believes in a ``stakeholder'' driven process that includes
industry representatives as equal partners with government to address
the complex issues that surround the Internet and electronic commerce.
Our approach is based upon the inventive principles detailed in the
1997 U.S. ``Framework for Global Electronic Commerce.'' As you know,
this framework has been widely supported by industry.
It was with these five principles in mind that Virginia recently
passed the most comprehensive Internet legislation in the country. In
December 1998, Governor Gilmore's Commission on Information Technology
issued a series of recommendations contained in a report entitled:
``Toward A Comprehensive Internet Policy for the Commonwealth of
Virginia.'' That report focussed on the expanding use of the Internet
and electronic commerce in Virginia. The 1999 General Assembly adopted
several pieces of legislation that, taken together, embody the
Commission's recommendations for a Virginia Internet Policy Act.
These principles, which reflect the need for global cooperation
spurred by technological and market-driven solutions, are as follows:
1. The private sector should lead. Though government played a
role in financing the initial development of the Internet, its
expansion has been driven primarily by the private sector.
2. Governments should avoid undue restrictions on electronic
commerce. Parties should be able to enter into legitimate
agreements to buy and sell products and services across the
Internet with minimal government involvement or intervention.
3. Where governmental involvement is needed, its aim should be
to support and enforce a predictable, minimalist, consistent
and simple legal environment for commerce. In some areas,
government agreements may prove necessary to facilitate
electronic commerce and protect consumers. In these cases,
governments should establish a predictable and simple legal
environment based on a decentralized, contractual model of law
rather than one based on top-down regulation.
4. Governments should recognize the unique qualities of the
Internet (and commerce over the Internet). The genius and
explosive success of the Internet can be attributed in part to
its decentralized nature and to its tradition of bottom-up
governance. Existing laws and regulations that may hinder
electronic commerce should be reviewed and revised or
eliminated to reflect the needs of the new electronic age.
Finally, and maybe most importantly,
5. Electronic Commerce over the Internet should be facilitated
on a global basis. The Internet is emerging as a global
marketplace. The legal framework supporting commercial
transactions on the Internet should be governed by consistent
principles across state, national, and international borders
that lead to predictable results regardless of the jurisdiction
in which a particular buyer or seller resides.
Each one of these principles is reflected in the Virginia approach
and the separate pieces of legislation and law that comprise our
Internet Policy Act. For example, our encryption ``resolution'' law
states that there should be no interference from government regarding
the level of encryption businesses wish to employ to protect their
property. Moreover, our laws regarding ``spam'' and ``content'' do not
restrict any of our freedoms with undue government interference and
regulation, but severely punish those individuals and groups for
abusing the rights and privileges guaranteed by this medium and
protects the growth of this form of commerce.
These same principles also guided the formulation of the current
Virginia law on electronic signatures. Simply stated, that law
establishes the following:
1. Where any Virginia law requires a signature, or provides for certain
consequences in the absence of a signature, that law is
satisfied by an electronic signature.
2. Electronic signatures must meet certain functional requirements.
They must be: (a) unique to the signer; (b) capable of
verification; (c) under the signer's sole control; (d) linked
to the record in such a manner that it can be determined if any
data contained in the record was changed subsequent to the
electronic signature being affixed to the record; and, (e)
created by a method appropriately reliable for the purpose for
which the electronic signature was used.
We in the Commonwealth believe that our approach to electronic
signature legislation: allows the private sector to lead; avoids undue
restrictions on electronic commerce; and, establishes a simple yet
enforceable set of functional requirements. Our approach does not
discriminate in favor of or against any particular technology or
company.
It is also clear that if electronic signatures are to become a
convenient and widely used part of everyday business, for either the
private sector or for government, we must simplify the means of
authenticating digital certificates. If there are dozens of sources
with which you must register your private key or must go to in order to
authenticate a key provided to you, the process will be too cumbersome
for many to participate in, and artificially expensive for the rest.
Virginia is moving to simplify the process for state government
purposes and is headed in the direction of a central authentication
source. While we are doing this, we must also look at what the proper
role of (state) government is in facilitating or even providing a
central source for authentication of certificates used in commerce and
legal proceedings in Virginia.
Governor Gilmore plans to issue an executive order requiring my
office, with the assistance of several other state agencies, to review
available alternatives and recommend a plan to facilitate the use and
authentication of electronic signatures by both the public and private
sectors in the Commonwealth. We hope to achieve several results once
our plan is fully implemented, including more efficient and expeditious
transactions between government, individuals and those businesses that
contract with government. We also hope to raise consumer confidence
through the use of electronic signatures in government transactions,
such as renewing your driver's license on-line. Once the citizens of
the Commonwealth are comfortable with these types of transactions, they
will then feel more comfortable purchasing goods and services on the
Internet in the private sector. Again, emphasis is on ``facilitation.''
With this important background in mind, I have reviewed the draft
of H.R.1714 and offer these specific comments regarding the proposed
legislation:
1. First, it is certainly prudent for members of Congress and the House
Committee on Commerce to examine critical issues surrounding
electronic commerce over the Internet. The Commerce Committee
has always been at the forefront of technology issues, and has
been especially effective under the leadership of its
relatively new Chairman, Tom Bliley, and the Telecommunications
Subcommittee Chairman, Billy Tauzin. One of the first, great
achievements of this Committee under Chairman Bliley was
enactment of telecommunications reform in 1996. Now, more
Americans are going on-line in ever increasing numbers. They
want to be able to conduct business over the Internet with
confidence and peace of mind. Legislation, like H.R. 1714,
which promotes that confidence, is most appropriate.
2. Second, national and international commerce has entered upon a sea
change. The private sector of our economy is no less concerned
than government with security issues surrounding the use of
electronic commerce. I firmly believe that we must allow the
market a chance to operate. We in the Commonwealth support the
overall approach you have taken in H.R. 1714. The bill
facilitates electronic commerce without placing undue
restrictions on those who choose to do business on-line. It
clearly supports the principles, contained in the 1997 U.S.
``Framework for Global Electronic Commerce,'' that have guided
our legislative efforts in Virginia.
3. Finally, I strongly support the requirement for continued inquiry
and consultation regarding impediments to electronic commerce
contained in H.R.1714. It is our plan in Virginia to monitor
the implementation of Web-enabled government, including
electronic commerce, through the establishment of a Web-based
Commonwealth ``best practices'' center. The rapid evolution of
this technology demands our full attention, so that we may
continue to benefit from its use. At this time, I ask that I be
permitted to offer one recommendation to the Electronic
Signatures in Global and National Commerce Act, and that is the
following: amend this draft legislation to include a provision
establishing a national best practices center to further
promote on-line commerce initiatives. It is my hope that
Virginia will be able to work in consultation with the
Secretary of Commerce to establish a similar Web-based center
at the national level.
In closing, I would like to again thank you for the opportunity to
present the Virginia perspective on the issues of electronic commerce
and electronic signatures. We support what you are doing and stand
ready to provide appropriate assistance.
Mr. Tauzin. Thank you very much, Mr. Secretary.
The Chair would now interrupt the proceedings and ask you
all to join with me in welcoming an honored guest who has
arrived and will be honored at a luncheon later today. Mr.
Yoshio Utsumi, the newly elected Secretary General of the
International Telecommunications Union, is with us today. Mr.
Utsumi, if you would be recognized. We all want to welcome you
here today.
The Chair is now pleased to introduce and welcome for his
testimony, Mr. Jeffrey Skogen, Internet Market Manager for Ford
Motor Credit Department in Dearborn, Michigan. Jeffrey, if you
would please summarize your statement for us.
STATEMENT OF JEFFREY SKOGEN
Mr. Skogen. Good morning, Mr. Chairman and members of the
committee. I am Jeff Skogen, Internet Marketing Manager for
Ford Motor Company in Dearborn, Michigan. I appreciate the
opportunity to appear before the subcommittee.
The Ford Motor Credit Company is the world's largest
company dedicated to automotive finance, with more than 8
million customers in 36 countries. Ford Credit is continuously
looking for ways to improve the value of its service that it
delivers to its customers. Consumer power to choose and
business' ability to meet consumers' and marketplace demands
will be enhanced by the establishment of a reliable, trusted,
cost-efficient flow of electronic commerce. For that reason, we
are committed to harnessing the efficiencies that electronic
commerce represents.
Electronic commerce is the exciting medium of business
growth and consumer convenience. It is integral to the rapid
development of a global, information-based economy that appears
destined to coexist with the traditional industrial model.
Electronic signatures are a fundamental building block for
electronic commerce itself. They are the key to the widespread
use and acceptance of electronic commerce. H.R. 1714 would
facilitate transactions on the Internet and other electronic
paperless transactions for dealer and consumer contracts by
assuring that they are given the full legal validity of a
written contract.
Our research shows that 57 percent of consumers in the
market for a new vehicle within the next year prefer to
research their automotive purchases online. Forty-four percent
of consumers who use the Internet online services have visited
a financial website. About one-third of the customers want to
at least start the financing process online, according the Ford
Credit's research.
Ford Credit has implemented a new credit-approval process
called ``Auto Apply,'' which customers can use to complete a
credit application and securely send it to Ford Credit via the
Internet. Ford Credit provides a decision online for the
customer and their preferred dealer, usually within minutes of
receiving the application at the company's website. While Ford
Credit offers online approval through the dealers, its
customers must still physically go to the dealership to sign
the credit application and the contract. With the electronic
signatures, the entire transaction could be handled online,
making the process easier and more efficient for everyone
involved.
In addition, we offer customer electronic funds transfer
online, allowing them to enroll in the program; make a change,
or cancel payments drawn directly from their checking account.
Uniform standards for electronic signatures would enhance the
public confidence in online applications of electronic commerce
like electronic funds transfer.
We believe the United States should be actively involved in
the development of uniform global standards for electronic
signatures and commerce. The lack of uniform, nationwide rules
may inhibit our country's ability to influence development
beyond its borders. Therefore, it is appropriate to consider
the establishment of a Federal standard or uniform guidelines.
I appreciate the opportunity to appear before you this
morning. I will be happy to answer any of your questions.
[The prepared statement of Jeffrey Skogen follows:]
Prepared Statement of Jeffrey Skogen, Internet Marketing Manager, Ford
Motor Credit Company
Good morning, Mr. Chairman and members of the Subcommittee. I am
Jeffrey Skogen, Internet Marketing Manager for Ford Motor Credit
Company in Dearborn, Michigan. I appreciate the opportunity to appear
before the Subcommittee. Ford Motor Credit Company is the world's
largest company dedicated to automotive finance with more the 8 million
customers in 36 countries. Ford Credit is continuously seeking ways to
improve the value of the services it delivers to customers. Consumers'
power to choose and businesses' ability to meet consumer and
marketplace demands will be enhanced by the establishment of a
reliable, trusted, cost-efficient flow of electronic commerce. For that
reason, we are committed to harnessing the efficiencies that electronic
commerce represents.
Electronic commerce is the exciting medium for business growth and
consumer convenience. It is integral to the rapid development of a
global information-based economy that appears destined to coexist with
the traditional industrial model. Electronic signatures are a
fundamental building block for electronic commerce itself and they are
the key to the widespread use and acceptance of electronic commerce.
H.R. 1714, the Electronic Signatures in Global and National
Commerce Act, lays the foundation for nationwide acceptance of
electronic signatures. H.R. 1714 begins the process of removing
operational and legal obstacles to the broad-scale use of electronic
commerce. In addition, the bill would promote the certainty necessary
to conducting electronic commerce on a national and international
basis.
The ability to establish binding legal contracts between
unaffiliated parties is clear when the transaction is documented on
paper or, in the alternative, where the parties conduct their
transactions face to face. In these physical world environments,
identities of the parties are invariably firmly established and
certain. In the electronic marketplace, acceptance of electronically
authenticated signatures in lieu of paper signatures is necessary;
without it the transaction which was advertised, negotiated and agreed
upon electronically still has to be ``consummated'' with a paper
document.
This bill would facilitate transactions on the Internet and other
electronic paperless transactions for dealer and consumer contracts by
assuring that they are given the full legal validity of a written
contract.
Our research shows that 57 percent of consumers in the market for a
new vehicle within the next year prefer to research their automotive
purchase online and 44 percent of consumers who use the Internet or
online services have visited financial sites.
About one-third of customers want to at least start the financing
process online, according to Ford Credit research. Ford Credit has
implemented a new credit approval process--Auto Apply--which customers
can use to complete a credit application and securely send it to Ford
Credit via the Internet. Ford Credit provides a decision online for
customers, and their preferred dealer, usually within minutes of
receiving the application at the Company's web site.
While Ford Credit offers online credit approval through its
dealers, its customers must still physically go to the dealership to
sign the credit application and contract. With electronic signatures
the entire transaction could be handled online making the process
easier and more efficient for everyone involved. In addition, we offer
our customers electronic funds transfer (EFT) online allowing them to
enroll in the program, make changes or cancel payments drawn directly
from their checking account. Uniform standards for electronic
signatures would enhance public confidence in online applications of
electronic commerce like EFT.
Technology neutrality is another necessary component of efficient
electronic commerce. Recent advances in electronic and digital
technology severely test the ability of government policymakers,
regulators, and legislators to remain knowledgeable about the latest
technology and its application. In addition, these rapid developments
easily outdistance the traditional legislative and regulatory
processes. Technology neutrality will serve to guard against
regulations that quickly become outdated and impede the development of
electronic commerce, both domestically and internationally.
We believe the United States should be actively involved in the
development of uniform global standards for electronic signatures and
commerce. The lack of uniform nationwide rules may inhibit our
country's ability to influence developments beyond its borders.
Therefore, it is appropriate to consider the establishment of a federal
standard or uniform guidelines.
I appreciate the opportunity to have appeared before you this
morning. I would be happy to answer any questions you may have. Thank
you.
Mr. Tauzin. Thank you very much, Mr. Skogen.
The Chair is now pleased to recognize Mr. Daniel Greenwood,
Deputy General Counsel, Information Technology Division,
Commonwealth of Massachusetts. I am sure if Mr. Markey were
here, he would want to issue a special welcome to you, Mr.
Greenwood.
STATEMENT OF DANIEL GREENWOOD
Mr. Greenwood. Thank you very much, Mr. Chairman and
members of the subcommittee. On behalf of the Commonwealth of
Massachusetts, I really do appreciate the opportunity to
testify today on H.R. 1714, the Electronic Signatures in Global
and National Commerce Act, ``E-SIGN.'' I should probably depart
from my remarks to indicate that you have won the important
battle in this town of the best, all-time acronym for bills in
this area: E-SIGN.
Mr. Tauzin. That is an important title around here. We
appreciate it.
Mr. Greenwood. It just rolls off the tongue--back to the
merits for a moment.
To the extent that H.R. 1714 does facilitate a national
baseline and a consistent legal infrastructure that supports
electronic commerce without unduly disrupting related areas of
State law, we believe that it does deserve very serious
consideration; and it does deserve support. While we think the
current language in certain sections ought to be looked at
further, and the legislation should be honed to avoid some
disruptions in related areas of State law; it does seem clear
to us that the objectives of your legislation are wholly
consistent with the Commonwealth's policy to assure a sound
foundation for electronic commerce.
Last month, the Commonwealth went on record supporting the
Abraham legislation in the Senate, S. 761, which by our lights
supports very similar principles. It does set a minimum
national framework.
When we are looking at legislation from a State perspective
in Massachusetts, and evaluating whether or not it really
should succeed from a preemption perspective and from a
perspective of supporting e-commerce and commercial law
generally; we ask these types of questions: is the legislation
narrowly tailored to address existing and well-understood
market failures, or failures in law? In other words, is it
minimalist? Is it doing only what is necessary to right a
wrong, or to facilitate a place where the free market--or at
least our existing market system--is not operating optimally?
Does it promote a competitive marketplace for different
technologies? This has been mentioned a couple of times today.
Locking into a single technology for authentication or
electronic records, in our view, is not generally a good idea.
Federal legislation can have a negative effect by distorting
the market.
We also ask whether it includes any new or expanded
regulation, or other government intervention; including a
legislatively created accreditation, or some other government
approval or control that is necessary for technology providers
or users. It is our view that, especially in the e-commerce
area, we are looking at an economic sector that is quite
decentralized. It is almost self-organizing and distributed,
the way that it is put together. Therefore, legislation that
centralizes the market players for the purpose of controlling
and regulating them is a bad idea.
Finally, does the legislation disrupt other bodies of law?
Does it unduly preempt State jurisdiction? This is what I would
like to talk about in a little bit more detail. We think there
are compelling arguments that favor generally keeping
governance of commerce under State jurisdiction, where it
primarily exists today under the Uniform Commercial Code and
related law. The provided law is sufficiently harmonized so as
not to present undue barriers to interstate commerce. We think
generally States are more agile. We are somewhat smaller. We
can react somewhat more quickly to changing market conditions
and that is going to be particularly important in this e-
commerce space.
However, there are certainly cases where the national
interest requires that Federal action does preempt State law.
This has long been accepted when States create undue
impediments to interstate commerce. The fact that--as has been
noted this morning, many times, so far--we have enacted so many
different laws governing electronic signatures and records has
clearly been a contributor to the current efforts for Federal
action.
If States were to quickly pass uniform law in this area, we
believe that it is likely that the legitimate private-sector
interests in a national baseline would be satisfied. It would
be satisfied through the uniform law process. We think, in the
end, this is the preferred method of creating a baseline. The
draft Uniform Electronic Transactions Act, which Andy Pincus
had mentioned, represents at this point the single best, most-
comprehensive, legislative effort to date. It causes no serious
legal disruptions in other areas of law. It comprehensively
deals with many issues about contract formation, contract
interpretation, and notice requirements--all of the secondary
and third-level issues that are implicated when one lists legal
barriers to using electronic records.
There are many interdependencies with many areas of law.
These people have done a very good job through a multi-year,
open process, with a lot of State law experts in the public
sector and the private sector deliberately going through all of
these interrelated areas of law and crafting a very good,
comprehensive act.
We have a problem in the timing, which has been pointed out
very convincingly, I think, by advocates for the private
sector. They need legal reform soon. I think the objectives of
the legislation today, H.R. 1714, are evidently crafted to
satisfy the legitimate interests of industry to come with some
baseline quicker as we wait for uniform law to evolve. Looking
at the criteria I mentioned, the bill really can directly
satisfy the industry needs without disrupting these other
policy concerns.
I would request the privilege to add an addendum to my
remarks within 30 days, under House rules, for the purpose of
providing some more detailed comments on some the precise
provisions of the current language as they relate to some of
these other areas of State law and to the emerging Uniform
Electronic Transactions Act.
Mr. Shimkus [presiding]. There is no one here to object, so
I will let you do it. How about that?
Mr. Greenwood. Thank you, sir. The long and short of it is
we support the principles that appear to underlie this
legislation. We would look forward for an opportunity to
continue to offer any service or assistance we can to this
committee and the other committees that are working on the
legislation as you try to work through the very complicated
issues with State law.
Thank you, again, for the opportunity to testify today.
[The prepared statement of Daniel Greenwood follows:]
Prepared Statement of Daniel Greenwood Deputy General Counsel for the
Information Technology Division, Commonwealth of Massachusetts
Mr. Chairman, members of the Subcommittee, on behalf of the
Commonwealth of Massachusetts, thank you for the opportunity to testify
today on House Bill 1714, the Electronic Signature in Global and
National Commerce Act (E-SIGN). The Commonwealth is home to many
information age businesses and our state government is a robust user of
electronic commerce technologies. As such, the Commonwealth of
Massachusetts has had significant experience with the legal and policy
implications of electronic authentication technologies. It has been the
policy of the Commonwealth to promote the growth of our emerging
electronic commerce industry in a non-regulatory, market-driven
fashion.
To the extent that H.R. 1714 facilitates creation of a national
consistent legal infrastructure supporting electronic commerce without
unduly disrupting related areas of state law, it deserves serious
consideration and support. While the current language of the bill
contains certain provisions that would benefit from further honing, it
seems clear that the objectives of this legislation are wholly
consistent with the Commonwealth's policy to assure a sound foundation
for electronic commerce. Our desire is to indicate the ways in which
this bill can be helpful and to constructively suggest some alternative
formulations of certain sections for the purpose of achieving the
bill's goals without causing harm to ongoing efforts at the state level
to develop more uniform electronic commerce law as part of the overall
uniform state commercial legal framework.
Last month, the Commonwealth went on record before the Senate in
support of S. 761, by Senator Abraham, which promotes a national legal
base-line on certain issues related to electronic commerce transaction
contracts and usage of electronic signatures and records. In an Issues
Brief dated April 19, 1999, the National Governor's Association
questioned the need for federal legislation, but characterized the
Abraham bill as follows:
``Despite the preemption contained in the Millennium Digital
Commerce Act, the legislation is fairly friendly to states' interests.
The bill's scope is carefully restricted to interstate commercial
transactions, over which Congress has jurisdiction through the Commerce
Clause. The drafters of the bill have made a concerted effort to avoid
interfering with areas of state law that involve records and signatures
that are unrelated to interstate commerce.'' [http://www.nga.org/Pubs/
IssueBriefs/1999/990419FedDigitalSigs.asp]
It seems clear that the Abraham bill and H.R. 1714 have very
similar goals and are on corresponding tracks through each respective
chamber. It is hoped that the final version of H.R. 1714 is refined so
as to avoid the problems associated with undue interference with
legitimate areas of state laws governing records, signatures and
contracts. Assuming that such amendments occur, then this bill would
clearly meet the stated interests of electronic commerce industry
advocates who have voiced a desire for legal reforms to provide greater
certainty in the short term.
background
Conventional wisdom is evolving regarding the appropriate scope of
legislative action effecting electronic commerce. Despite a brief fad
in the mid-1990s favoring a regulatory, technology-specific approach to
electronic commerce, the vast majority of state governments have
recently opted for a minimalist, non-regulatory and technology-neutral
stance. Unfortunately, certain foreign jurisdictions and international
organizations seem to be several years behind the United States and are
currently adopting regulatory, technology specific, and centralized
policies regarding electronic commerce generally. Fortunately, both
H.R. 1714 and the Abraham bill reflect the U.S. preference favoring
free and competitive markets, rather than government intervention.
In 1995, Utah was the first jurisdiction in the world to enact
``digital signature'' legislation. Reflecting the trends of the time,
this law is regulatory (it empowered a state agency to license
providers); technology-specific (public key cryptography); promotes a
certain business model and implementation (trusted third parties and
digital certificates); increases e-commerce user liability (by limiting
provider liability); and reverses age-old evidentiary rules regarding
proof of signatures (by providing a presumption against the signature
technology user).
The passage of time indicates that this approach went too far and
created unintended market distortions. In fact, it has not even been
generally favored by the very industry it was enacted to promote
(virtually every major certificate provider has chosen not to become
licensed in the three states--Washington, Minnesota, and Utah--that
attempted to regulate their fledgling product or service sector.
Over the past few years, a broad convergence in activity and
published policy has evidenced a solid and growing consensus that
government actions effecting electronic commerce should generally be
non-regulatory, technology neutral, support the rights of parties to
structure their business models and technical implementations through
contracts and agreements and should not tamper with rules of evidence
and liability apportionment as an industrial policy setting mechanism.
The last point, regarding tampering with rules of evidence, bears
some additional explanation. There have been proponents of legislation
at the state and the federal level which would create an evidentiary
presumption against the user of an electronic signature. The rationale
was that receivers of electronically signed messages deserve special
government protection. This rationale fails to recognize that the
proponent of such evidence should be the party with the burden to prove
that the signature occurred. Likewise, the receiver of the signature is
in the best position to judge the reliability of the authentication in
the context of the value of the transaction, and they are the party
most likely to have the relevant evidence that a signature was
presented to them. Again, both H.R. 1714 and the Abraham language
reflects these time-honored legal principles.
The application of these general principles to electronic commerce
is swiftly gained wide acceptance over the past few years. In the 1997
Framework for Global Electronic Commerce, the Clinton Administration
articulated principles supporting a technology-neutral approach to
electronic commerce, and opposing regulation. Likewise, in 1997, the
Internet Law and Policy Forum drafted a set of principles that promoted
a thriving market and strongly resisted regulation (see: http://
www.ilpf.org/digsig/principles.htm). And in the Telecommunications Act
of 1996, Congress expressly found that ``[t]he Internet and other
interactive computer services have flourished, to the benefit of all
Americans, with a minimum of government regulation'' and declared that
``[i]t is the policy of the United States . . . to preserve the vibrant
and competitive free market that presently exists for the Internet and
other interactive computer services, unfettered by Federal or State
regulation.'' The Commonwealth was pleased to work with Senator
Abraham's office and the office of Congresswoman Eshoo on the
Government Paperwork Elimination Act last session, which also largely
embodied these principles. Over the past two years innumerable
additional such positions, statements and policies among states and the
federal government as well as from various private organizations.
general criteria for legislation
The success or failure of legislation governing e-commerce this
session should be based on the answers to five fundamental questions.
1. Is the legislation narrowly tailored to address existing and well
understood market failures?
Another word for this is ``minimalist'' in other words, limited to
address only what is currently necessary and appropriate. The chances
of ``doing no harm'' are increased dramatically when government
intervention in the private market is closely restricted to fixing
specific and demonstrated problems that the market and existing laws
have failed to address. This is especially true in the fast growing and
dynamic area of electronic commerce. Relatively small changes in law
can have the effect of chilling competition or otherwise distorting the
free evolution of efficient solutions in the quickly moving and
difficult to predict e-commerce field. Specifically, legislation that
focuses on or includes provisions dealing with business or consumer
rights or liabilities connected with the use of a public key
infrastructure or other particular technologies that are not yet widely
used may create harmful and unnecessary results. The actual problems
may well turn out to be different than the projected issues.
2. Does it promote a competitive marketplace for different
technologies?
Legislation should promote, rather than chill, competition. That
means Congress should avoid legislating a market winner. Another way to
look at this criteria would be: ``is it technology-neutral or does it
give a special legislative 'leg up' to a given technology, business
model or implementation available for general use in the market?'' It
is unfortunately common that special interests that stand to benefit
from market intervention often lobby for such government action. In the
case of electronic commerce, however, it seems clear that the best
government action with respect to promotion and facilitation of that
market is usually no action at all. By enshrining a given technology in
legislation, government action may have the counter-effect of reducing
incentives for further improvements and innovations.
Legislation can distort the technology markets by regulating the
security or reliability criteria that must be applied to create an
electronic signature even if it stops short of specifying the
particular technology necessary. These types of criteria usually
include a requirement that the signature technology is under the ``sole
control'' of the signer and that it can detect or prevent any change to
the signed record. These particular implementations may be appropriate
in some, perhaps many, situations. However, the specific security
features necessary and appropriate will differ dramatically depending
upon the transaction and the parties' needs. For example, a ``signature
machine'' (e.g. an institutional check signing mechanism) is clearly
not under the ``sole control'' of the signer. In fact, it is doubtful
that a treasurer, comptroller or CFO of an institution has any direct
contact at all. The same is true of non-check organizational
authentication of many types. It is accessible to several authorized
individuals and there are internal controls and systemic security
measures in place. Similarly, many popular and adequately safe
authentication implementations do not, by themselves, detect or prevent
alteration of underlying data. Most PIN and password systems in use
today in banking, healthcare, commerce and elsewhere do not possess
this specific feature. Nor do many biometric products.
Current implementations live or die based on buyers and users
making cost, benefit and risk judgements about the amount of
reliability and types of security features needed. Well-intentioned
attempts by legislators to come up with a ``one size fits all''
approach to signature technology features are doomed. The Uniform
Electronic Transactions Act at one time had such criteria, but based
upon months of discussion it now reflects and supports the common law
definition of signature: any symbol executed with the intent to sign.
In narrow cases where legislation is dealing with specific user
communities (like a Securities context or a Consumer Protection issue)
then it may be appropriate to specify more specific requirements, but
general legislation covering every economic and social sector should
never distort the competitive and open market for electronic signature
and records technologies.
3. Does it include any new or expanded regulation or other government
intervention, including legislatively created ``accreditation''
through government approval or control over technology
suppliers or users?
It is increasingly obvious that the United States stands at the
opening of a substantively different economic and societal phase: some
call it the information society. The economic impacts are profound.
Decentralized, self-organizing and distributed systems are gaining
dominance. Old industries built on intermediating relationships are
disappearing as the Internet and other technologies eliminate the
barriers that created a need for such middle-men. Fast changing,
dynamic, and rapidly growing markets are evolving before our eyes--in
many cases, markets which are little understood.
Unfortunately, some advocates continue to promote industrial-era
policy designed for economic and social conditions of the last century.
Industrial organizations were inherently centralized and regulations
were correspondingly focused at the ``choke points.'' Internet-mediated
communications and new forms of relationships between parties are
often--and increasingly--organized differently. Centralization of
market participants for the sole purpose of making them easier to
regulate for government is wrong. And such a policy risks killing the
goose to control its eggs. Requiring government licensure of market
suppliers or setting up so-called ``self regulatory organizations''
(which in fact are under the thumb of federal or state regulators) is
antithetical to the new economy. Absent serious market failures,
government should resist erecting new oversight and control mechanisms
over any part of electronic commerce. There are, of course, a large
number of existing statutes, regulations and legal doctrines that
create a floor of behavior to handle crime, fraud, and threats to
national security. These laws currently appear to be quite adequate to
prevent known harms.
One useful policy approach is modeled in the draft report developed
by the NACHA Certificate Authority Ratings and Trust Task Force, which
seek to give parties helpful guidelines, including detailed policy and
contractual terms, to assist in the creation of legally enforceable and
reliable implementation of authentication technology (background
information at: www.state.ma.us/itd/legal). This is an example of a
``bottom up'' approach rather than an approach that favors central
policy making or regulatory oversight. Legislation should simply lift
legal barriers and thereby allow parties to use existing bodies of law,
such as contract law, to tailor their transactions to their own needs.
Ultimately, as national standards and practices emerge, they will be
based upon actual proven market experience and they will be far better
than any scheme anyone can dream up today through central planning. The
current draft 1.0 of the NACHA CARAT Guidelines is available at: http:/
/internetcouncil.nacha.org/CARAT/CARAT921.DOC on the web. A ginchy
example of contractually based Operating Rules that are consistent with
the CARAT Guidelines can be found at http://www.emall.isa.us/ (a
multistate electronic commerce procurement project to buy goods over
the web from several private vendors).
4. Does the legislation disrupt other bodies of law or unduly preempt
state jurisdiction over commercial law?
There are compelling arguments in favor of generally keeping
governance of commerce under state jurisdiction, provided the law is
sufficiently harmonized so as not to present an undue barrier to
interstate commerce. States are far more agile than the federal
government in responding quickly to changing market conditions. As
such, states serve as important laboratories of innovation in the realm
of public policy and law.
The arguments are particularly strong for continuing state primacy
in the context of electronic signatures, records and contracts, because
a signature or a record requirement arises under innumerable other
areas of state law. A single federal law that purported to grant legal
equivalency for electronic signatures, for example, would almost
certainly have the effect of creating significant disruptions in areas
of state law that have nothing to do with commerce, such as wills,
trusts, powers of attorney, consumer protections, real estate deeds,
negotiable instruments, notice requirements, elections law, hospital
regulation, and state criminal justice laws. Massachusetts, for
example, has some 4,515 different sections of law that relate to a
signing or writing. (See: http://www.state.ma.us/itd/legal/siglaw4.doc
)
However, in some cases, the needs of the nation require that
federal action preempt state law. This has been long accepted where
states create undue impediments to interstate commerce. The fact that
states have adopted such a dizzying array of different laws dealing
with electronic signatures and records has been a major contributor to
the current efforts for federal action. If states quickly pass uniform
law in this area, it is likely that legitimate private sector interests
in a national baseline will be satisfied through uniform state law.
This is the preferred method of creating the base-line because the
draft Uniform Electronic Transactions Act (UETA) clearly represents the
single best, most comprehensive, well principled legislative effort to
date and, importantly, it causes few or no serious legal disruptions or
other harm because it is finely integrated with other areas of law. No
federal law yet proposed (or likely to emerge) can claim the same
features--in part because the National Conference of Commissioners on
Uniform State Law has sponsored a multi-year deliberative process in
which interested parties from the public and private sectors have
collaborated in open forums to work through these complex and subtle
issues. However, to the extent that commercial interests make a
convincing case that faster action is needed than can be accommodated
via the uniform law process, then the Commonwealth has already gone on
record as supporting narrow and temporary federal ``bridge''
legislation to produce the necessary legal national base-line.
The key criteria for any such bridge legislation is that it must be
narrowly tailored to address only those matters upon which immediate
action is needed (as distinct from matters that can wait for uniform
state law) and that it provide a statutory mechanism that reverts
jurisdiction back to the states upon adoption of a consistent base-line
legal framework. Since the UETA appears poised to shepherd in such a
framework, any federal law in this arena should recognize and promote
this uniform law effort.
5. Does the legislation give an undue competitive advantage in this new
market to a single industry or economic sector over
participants of other economic sectors?
Legislation should not grant any particular sector a special leg up
by government. If legislation lifts general legal barriers or solves
general problems for only a specific sector of the economy, then an
undue competitive advantage may result in unfortunate market
distortions. Promoting competition among different sectors in this area
is good because many of the problems are far from being solved, and
each sector bring its own resources, expertise and approaches to the
solutions. Legislation granting special presumptions or validity upon
electronic authentication when it is supplied only by vendors in a
single market (say, by telecom companies, or network service providers,
or licensed attorneys, or even financial institutions alone) runs the
risk of ultimately harming, rather than promoting, optimal technical
and business-model solutions that would arise from highly competitive
marketplace interactions.
summary and conclusion
In summary, the apparent goals of H.R. 1714 are worthy of support.
Private sector representatives have made a strong case before the House
and Senate that some action is needed in the shorter term. The
objectives of this legislation are evidently to satisfy these
legitimate interests of industry without unduly harming related areas
of state law. Review of the bill based upon the five question asked
above indicates that this legislation, with some modifications, can
directly satisfy key principles for electronic commerce legislation.
I request the privilege to add an addendum to these written remarks
within the next 30 days which will provide more detailed comments on
the precise provisions of the current legislative language as they
relate to state law and to suggest possible alternative formulations.
We anticipate these comments will focus largely on limiting the scope
of Title I to contracts effectuating interstate commerce transactions
(as opposed to including all agreements that may affect interstate
commerce); assuring that the operative provisions of the law merely
accord legal status upon electronic transactions that is equivalent to
what those transactions would receive if they were carried out via
other media (as opposed to granting whole new categories of rights and
responsibilities only for electronic transactions); assuring that the
formula for states to retrieve jurisdiction under the overall framework
of existing commercial law is clear and promotes enactment of the UETA
or an equivalent uniform law; minimizing or eliminating federal
administrative oversight over state government affairs; and conforming
definitions of electronic signatures and other key terms to existing
and emerging bodies of law governing electronic transactions.
Please do not hesitate to call upon my office as a supportive
resource as this legislation continues to evolve. It is my sincere hope
that we can assist you as you seek to hone some of the provisions of
this bill to conform more closely to the principles set out above.
Again, thank you for the chance to share our views today.
Mr. Shimkus. Thank you.
Our next witness is Mr. Ari Engelberg, Vice President of
Strategic Web Development, Stamps.Com. Of course, your written
statement is in the record. You may summarize for 5 minutes.
Welcome.
STATEMENT OF ARI ENGELBERG
Mr. Engelberg. Mr. Chairman and members of the
subcommittee, my name is Ari Engelberg. I am a founder of an
Internet company called Stamps.Com. Stamps.Com, working in
conjunction with the Information Based Indicium program at the
United States Postal Service, has developed an exciting
mainstream application of digital signature technology. I
thought I would use my few minutes here this morning to tell
you about a little bit about how our technology works and how
it relates to this bill.
What we are is one of the first companies to develop an e-
commerce system that enables individuals and businesses to
purchase and print U.S. postage over the Internet using nothing
more than an ordinary laser or ink-jet printer. Our service is
a simple one. Users download a small piece of software from our
website, or from the website of one our partners. After a short
registration process, which includes U.S. Postal Service meter
licensing, users may purchase postage through a variety of
payment methods including wire transfers and credit or debit
cards. The postage payment is then transferred directly to the
Postal Service.
To print postage, users log onto their accounts on our
postage servers over an encrypted link and designate a delivery
address. The postage servers then perform a variety of
functions. The user's postage balance is debited by the
appropriate amount. Spelling and zip-code mistakes in the
address are corrected by a national address data base to ensure
higher address quality and more efficient mail piece routing
through pre-barcoding. Most importantly, a digital signature is
generated for each stamp, using a cryptographic key unique to
each user. The digital signature is then sent back across the
link to the user's P.C., where it is encoded in a two-
dimensional barcode. This barcode is the security-critical
portion of the Postal Service's new Information Based Indicium.
Each of you has in front of you an envelope which is
adorned with Internet postage. That is live postage and you may
take that back and mail it back to your district office. The
barcode on the envelope can be scanned using a hand-held or a
stationary device. Through a system that connects the
cryptographic keys generated by our postage service to a
certificate authority maintained by the Postal Service, the
authenticity of a given stamp can be ascertained.
This system provides tremendous advantage to users. Postage
is available 24 hours a day, 7 days a week from the desktop.
Addresses are corrected by our data base to increase delivery
reliability. Postage can be printed from within the word
processors and personal information managers upon which so many
small business professionals already rely. By transforming what
was once a product--postage meters, into a service--Internet
postage; Stamps.Com has fundamentally altered cost structures
in this industry, making postage convenience more affordable to
a broader share of the business and consumer population than
traditional postage meters.
The enterprise comprises one of the most complex, highly
secure electronic commerce systems ever developed. It has been
2\1/2\ years in the making. Our system involves sophisticated
cryptography, advanced data center operations, and secure
financial transactions. The advantages of this advanced system
are enabled by the security of the Information Based Indicium,
and the security of a strong digital signature as a means of
authentication of postage value.
H.R. 1714 provides a welcome legislative foundation for
furthering e-commerce by explicitly legitimizing electronic
signatures as proof of contract acceptance. For the purposes of
this discussion, each or indicium, or stamp, is a micro-
contract authenticated by the electronic signature between
Stamps.Com, the Post Office, and the customer. That is; if the
customer uses Stamps.Com to pay for and print U.S. postage, the
Post Office will deliver the mail. This contract, and the
opportunity to offer this service, is made possible by the
integrity, authenticity, and non-reputability of a strong
digital signature.
Thus, Stamps.Com strongly supports H.R. 1714. Thank you for
the opportunity to testify.
[The prepared statement of Ari Engelberg follows:]
Prepared Statement of Ari Engelberg, Founder, Stamps.com, Inc.
Mr. Chairman, Members of the Subcommittee: My name is Ari
Engelberg. I am a founder of an Internet company called Stamps.com.
Stamps.com is one of the first companies to develop an e-commerce
system that enables individuals and businesses to purchase and print US
postage over the Internet using nothing more than an ordinary laser or
inkjet printer. Two and a half years ago, Stamps.com was founded upon
the promise--and reality--of electronic commerce. Indeed, we have
developed one of the few e-commerce applications to make possible the
purchase and delivery of a product--in our case US postage--entirely
online: the payment and service are bits; the inventory and shipment,
ones and zeroes.
Our service is a simple one. Users download a small piece of
software from our web site, or the web site of one of our partners.
After a short registration process, which includes US Postal Service
licensing, users may purchase postage through a variety of payment
methods including wire transfers and credit or debit cards. The postage
payment is transferred directly to the Postal Service
To print postage, users login to their accounts on our Postage
Servers over an encrypted link and designate a delivery address. The
Postage Servers then perform a variety of functions:
The user's postage balance is debited by the appropriate amount.
Spelling and ZIP Code mistakes in the address are corrected by a
national address database to ensure higher address quality and more
efficient mailpiece routing through pre-barcoding. And, most
importantly, a digital signature is generated for each stamp using a
cryptographic key unique to each user. The digital signature is then
sent back across the link to the user's PC, where it is encoded in a
two-dimensional barcode. This barcode is the security-critical portion
of the Postal Service's new Information Based Indicium. It can be
scanned using hand-held or stationary devices, and through a system
that connects the cryptographic keys generated by our Postage Servers
to a Certificate Authority maintained by the Postal Service, the
authenticity of a given stamp can be ascertained.
The system provides tremendous advantage to users. Postage is
available 24 hours a day, 7 days a week from the desktop. Addresses are
corrected by our database to increase delivery reliability. Postage can
be printed from within the word processors and personal information
managers upon which so many small business professionals already rely.
And, by transforming what was once a product (postage meters) into a
service (Internet Postage), Stamps.com has fundamentally altered cost
structures in this industry, making postage convenience more affordable
to a broader share of the business and consumer population than
traditional postage meters.
The enterprise comprises one of the most complex, highly secure
electronic commerce systems ever developed and has been two and a half
years in the making. Our system involves sophisticated cryptography,
advanced data center operations, and secure financial transactions. The
advantages of this advanced system are enabled by the security of the
Information Based Indicium, by the security of a strong digital
signature as a means of authentication of postage value.
However, while digital signature technology affords Stamps.com and
companies like ours the opportunity to take advantage of the
efficiencies and immediacy of ecommerce, it also imparts upon us a
responsibility towards our customers and partners, a responsibility to
secure each and every transaction against mistake or misuse.
H.R. 1714 provides a welcome legislative foundation for furthering
ecommerce by explicitly legitimizing electronic signatures as proof of
contract acceptance. In its current form, however, H.R. 1714 leaves
open a prospect for abuse. While H.R. 1714 aims to achieve vendor-
neutrality, in the world of ecommerce not all algorithms are created
equal.
In Stamps.com's business, electronic signature technology ensures
that each indicium is unique and cannot be created fraudulently.
Moreover, it ensures that each indicium cannot be hacked or spoofed or
electronically replayed--all favorite tools of electronic criminals.
For purposes of this discussion, each indicium is a micro-contract,
authenticated by the electronic signature, between Stamps.com, the Post
Office, and the customer. That is, if the customer uses Stamps.com to
pay for and print US Postage, the Post Office will deliver the mail.
The Stamps.com application was developed using published and
government-approved encryption standards. Sound encryption requires
years of open testing to expose and remedy flaws. For that reason, the
government has issued standards for a variety of encryption and digital
signature algorithms, the Federal Information Processing Standards.
These standards provide a base-level of protection that the private
sector often uses or exceeds. H.R. 1714 provides for no base-level of
protection and potentially leaves open the exploitation of contracting
parties with little or no experience with relatively complex technical
issues. If companies are allowed to choose any ``reasonable'' method,
they may choose one that is weak enough to be attacked and exploited to
falsify contract acceptance. Furthermore, any algorithm, no matter how
tried-and-true, is susceptible to failure if implemented incorrectly.
Thus, it is my company's belief that H.R. 1714 should contain some
reference to the fact that not all electronic signature methods are
``reasonable'' and that parties should be encouraged to investigate and
choose electronic signature methods that meet their specific needs for
security and ease of use.
Thank you for the opportunity to speak before this Committee.
Mr. Shimkus. Thank you.
Our next panelist is Mr. John Siedlarz.
Before I do that, I want ask unanimous consent that we give
all witnesses 30 days to include any--obviously, I am not going
to object. You will get questions, probably, that members may
ask you to respond to in writing. Without objection, I request
unanimous consent for 30 days for that response to be received
for the official record.
And, now, the next panelist, Mr. John Siedlarz, President
and CEO of IriScan, Incorporated. Welcome. You have 5 minutes.
STATEMENT OF JOHN E. SIEDLARZ
Mr. Siedlarz. Thank you, Mr. Chairman. Good morning, Mr.
Chairman and members of the committee.
Mr. Shimkus. Pull that mike closer to you. Thank you.
Mr. Siedlarz. In addition to being president of IriScan, I
am also the vice chairman of the International Biometric
Industry Association. The Association very much appreciates the
opportunity to speak to you today and comment on H.R. 1714.
As one example of the technologies that are covered by the
Association, IriScan--my company--develops a leading biometric
product that identifies and authenticates individuals through
the unique iris pattern of the eye, the visible colored ring
surrounding the pupil.
I wanted to pass this on to Chairman Tauzin on his comment
about dogs. Not only can we make a sharp distinction between
humans--an absolutely positive one; but we can tell the
difference between a dog and human. We will shortly be able to
be in the position of being able to tell the difference between
the dogs that are on the Internet.
I would appreciate it if you would convey that to him.
The IBIA is a trade association that represents many
technologies, and the interests of the biometric industry as a
whole. It includes groups of proven technologies that identify
or verify individuals based on physiological characteristics.
In other words, what you are; not what you hold or what you
do--a very important distinction that I would like to focus on
later in comparing how you use biometrics with an encryption
for a more secure transaction.
Biometric identification and verification are accomplished
by using computer technology in non-invasive ways to match
patters of live individuals in real time against enrolled
records. Examples include products that recognize faces, hands,
fingers, signatures, irises, voices, and fingerprints.
Biometrics are most commonly used to safeguard international
borders; protect computer network security; control access to
sensitive work sites; authenticate financial transactions;
verify time and attendance; prevent benefits fraud, and provide
secure transactions on the Internet. Biometrics, in sum, are
excellent means to secure privacy and prevent identity theft.
IBIA supports H.R. 1714 and the efforts of Chairman Bliley
and the committee to move this legislation forward. We
specifically endorse the attempt to make sure that the
technology is essentially neutrally identified, as far as the
legislation concerned. Our only argument with the bill--and it
is a very small one--is in the language in section 104, which
defines an electronic signature as, ``A signature in an
electronic form.'' We think that it is appropriate to have that
language broadened slightly, maintaining the focus on neutral
technology approaches in the legislation; and be consistent
with what the Senate dealt with in S. 2107, the Government
Paperwork Elimination Act, last year. Based on testimony from
expert witnesses, the Senate chose to strike language that
would favor a digital signature; and instead substituted the
technology-neutral phrase, ``electronic authentication.''
The specific reason for this action was to avoid a
constricted definition that would have the combined effects of
unnecessarily restricting the market for biometric products;
creating a competitive advantage for a small group of
solutions; and freezing options for substituting newer
technologies as they are perfected.
Once again, we wanted to emphasize that in our view, the
growing recognition among the community is that the combination
of encrypted data and biometrics at either end of the
transaction, in effect, provide the only means of a secure
solution for transactions on the Net. Biometrics cannot do that
by themselves. Encrypted data cannot do it by itself. It is the
combination of those two technologies which, I think, is being
recognized. I think this bill ultimately supports that in its
technology-neutral language.
The IBIA strongly encourages the committee to take a
similar approach to the action in the Senate. This can be
accomplished by rewording the first part of the definition
contained in section 104[2] to read as follows, ``Electronic
signature. The term ``electronic signature'' means a biometric
or other sequence of data in electronic form.'' This change
would ensure that the bill does not rule out the use of sound
biometric authentication solutions that have been specifically
designed to accomplish the purpose of the bill.
The IBIA thanks both subcommittees for this opportunity to
express its views in supporting H.R. 1714. I would welcome your
questions about biometric technologies and their relevance to
this important bill. Thank you, Mr. Chairman.
[The prepared statement of John E. Siedlarz follows:]
Prepared Statement of John E. Siedlarz, President and Chief Executive
Officer, IriScan, Inc., on Behalf of the International Biometric
Industry Association
My name is John Siedlarz. I am President and Chief Executive
Officer of IriScan, headquartered in Marlton, New Jersey. I am also
Vice Chairman and a member of the Board of Directors of the
International Biometric Industry Association (IBIA). IBIA very much
appreciates the opportunity to testify before you today.
IriScan develops a leading biometric product that identifies and
authenticates individuals through the unique iris pattern of the eye--
the visible colored ring surrounding the pupil.
IBIA is a trade association that represents the interests of the
biometric industry as a whole. Biometrics include a group of proven
technologies that identify or verify individuals based on physiological
characteristics. Biometric identification and verification are
accomplished by using computer technology in noninvasive ways to match
patterns of live individuals in real time against enrolled records.
Examples include products that recognize faces, hands, fingers,
signatures, irises or irides, voices, and fingerprints. Biometrics are
most commonly used to safeguard international borders, protect computer
network security, control access to sensitive work sites, authenticate
financial transactions, verify time and attendance, and prevent
benefits fraud. Biometrics, in sum, are excellent means to secure
privacy and prevent identity theft.
IBIA supports the intent of Chairman Bliley and his co-sponsors to
recognize the economic potential of e-commerce, and to update our laws
to specify how electronic documents can be properly authenticated in
the digital age. We believe that Chairman Bliley's bill, H.R. 1714,
``The Electronic Signatures in Global and National Commerce Act,''
would both encourage and protect the use of electronic records in
national and international commerce. This is an essential step toward
automating cumbersome processes that can otherwise hinder trade and
stifle economic growth. If the bill became law, complex and highly
confidential transactions in banking, real estate, securities, and
retail sales, in particular, will be quicker, far more secure, and much
more efficient.
The biometric industry has one concern about the bill--the wording
of Section 104, which defines an ``electronic signature'' as ``a
signature in electronic form.'' This definition could be construed to
mean that only a limited range of signature-based technologies are
acceptable.
Last year, the Senate dealt with this same issue while deliberating
the provisions of S. 2107, ``The Government Paperwork Elimination
Act.'' Based on testimony from expert witnesses, the Senate chose to
strike language that would favor a ``digital signature,'' and instead
substituted the technology-neutral phrase, ``electronic
authentication.'' The specific reason for this action was to avoid a
constricted definition that would have the combined effects of
unnecessarily restricting the market for biometric products, creating a
competitive advantage for a small group of solutions, and freezing
options for substituting newer technologies as they are perfected.
The IBIA strongly encourages you to take a similar approach. This
can be accomplished by rewording the first part of the definition
contained in Section 104 (2) to read as follows:
``ELECTRONIC SIGNATURE--The term `electronic signature' means
a biometric or other sequence of data in electronic form,
attached to or logically associated with an electronic record,
that . . .''
This change would ensure that the bill does not rule out the use of
sound biometric authentication solutions that have been specifically
designed to accomplish the purpose of this bill.
The International Biometric Industry Association thanks both
subcommittees for this opportunity to express its views about H.R.
1714. I would welcome your questions about biometric technologies and
their relevance to this important bill.
Mr. Tauzin. Thank you very much, Mr. Siedlarz. I understand
you made the case for identifying dogs?
Mr. Siedlarz. I have, indeed.
Mr. Tauzin. My wife would contest that, by the way. She
thinks our dogs are humans, so that would be a problem.
We are pleased now to welcome Mr. Christopher Curtis,
Associate General Counsel of Capital One, here in Falls Church,
Virginia. Welcome, Mr. Curtis.
STATEMENT OF CHRISTOPHER T. CURTIS
Mr. Curtis. Good morning. I am Christopher Curtis,
Associate General Counsel of Capital One Financial Corporation.
I appreciate the opportunity to testify today in support of
H.R. 1714.
Capital One is one of the world's largest issuer of credit
cards, and a direct marketer of consumer and small business
lending products. We are also a pioneer in the direct marketing
of wireless telephone service through our subsidiary, America
One Communications.
On behalf of Capital One, I would like to thank the
subcommittee for considering this legislation. I hope you will
report favorably on it. The world of online commerce is
exploding all around us, offering more efficient commerce, and
hence, greater wealth for all Americans. However, further
development of electronic commerce may be impeded by the issue
of online authentication: the means by which one party, such as
a merchant or financial institution knows who it is dealing
with; as well as the issue of online signature: a means by
which a party legally binds itself to a transaction. Without
resolution of those issues, we fear that parties will be
reluctant to enter into larger transactions with numerous and
remote counter-parties.
I will refrain from any technical discussion of the
electronic signature technologies currently available. Instead,
I want to endorse what I see as the two basic principles of
this legislation. First, the bill establishes a national
principle of recognition of electronic signatures. Second, the
bill rejects any prescribed technical standard and instead
allows the marketplace to decide what technologies are best.
By establishing a uniform rule of recognition, the bill
provides what we see as the keystone in a sound legal
architecture for electronic commerce. In the current chaotic
legal environment, the validity of electronic transactions is
governed by the law of each State. A number of States have
moved to recognize electronic documents and signatures, but not
in a consistent manner. Electronic signatures that are valid in
one State may not be valid in another State. Moreover, some
States still don't recognize electronic signatures at all.
While there is the uniform State process which is underway, as
has been discussed this morning, we know that may take a long
time, and may not in the end, in fact, result in a uniform
product. Sometimes the uniform process does not.
As a result of the current situation, individuals and
companies doing business on the Internet face considerable
uncertainty as to the enforceability of their transactions.
There is a significant concern that a party to an agreement can
simply deny making the agreement. The ability to do so opens
the door to fraud in electronic commerce and hinders growth in
this medium. We will never achieve the full potential of
electronic commerce until agreements entered into on the
Internet are valid and enforceable.
We also support the bill's principle of free development of
electronic signature technology. This will allow the market,
not the government, to determine the desirability of a specific
technology. We at Capital One would not presume to tell you
what electronic signature technology is best. Even if we could,
what is best today may not be best 5 years now, 10 years from
now, or even 1 year from now. The proposed legislation takes
the right approach by insisting that those issues be left to
human ingenuity as tempered in the marketplace.
In conclusion, Capital One strongly supports the enactment
of H.R. 1714. We believe it provides the best legal basis for
unleashing the Internet's potential to transform commerce. We
are grateful for the leadership of Chairman Bliley in
introducing this legislation; and to the subcommittee for
considering it. Thank you for the opportunity to testify before
you today.
[The prepared statement of Christopher T. Curtis follows:]
Prepared Statement of Christopher T. Curtis, Capital One Financial
Corporation
Mr. Chairman and Members of this Subcommittee, my name is
Christopher Curtis. I am Associate General Counsel of Capital One
Financial Corporation, headquartered in Falls Church, Virginia. I
appreciate the opportunity to testify today on H.R. 1714, the
Electronic Signatures in Global and National Commerce Act. The subject
of electronic signatures is an important one to Capital One, to the
national economy, and, we think, to the world.
First, a word about Capital One. Through our subsidiary credit card
bank and thrift, we are one of the world's largest issuers of credit
cards and a direct marketer of consumer and small business lending
products. We are also a pioneer in the direct marketing of wireless
telephone service through our subsidiary, America One Communications,
Inc.
As of March 31, 1999, Capital One had $17.4 billion in managed
loans outstanding and over 18 million customers in the United States,
Canada and the United Kingdom. We have over 12,000 employees based in
Virginia, Texas, Florida, Washington State, Massachusetts, and the
United Kingdom.
In each of the last four years, Capital One surpassed its goals of
achieving annual earnings growth and annual return on equity of at
least 20% and is on track to surpass that goal this year as well. In
1998 alone, we added nearly 5 million net new customers and are
currently adding new customers at the rate of 15,000 net new accounts a
day. To support that account growth, our Company hired 4,500 new
employees during 1998 and expects to hire at least 3,500 additional
employees in 1999 across all of our sites.
On behalf of Capital One, I want to thank the Subcommittee for
considering the legislation that is before you today, and I hope that
you report favorably upon it. The world of on-line commerce is
exploding all around us. Its capacity for enabling more efficient
commerce and hence greater wealth for all Americans, as well as
residents of other nations, is so large that it cannot be quantified
and can scarcely even be envisioned. Significant burdens to further
development of electronic commerce, however, are the issues of on-line
authentication--the means by which one party, such as a merchant or a
financial institution, knows who it is dealing with--and on-line
signature, a shorthand expression for a party's legally and formally
binding itself to a transaction. Without resolution of those issues,
parties will be reluctant to enter into larger transactions with more
numerous and remote counterparties. Their reluctance will be grounded
in practical concerns about fraud, and also about the risk that a
counterparty could disavow a transaction under a state's statute of
fraud or related legislation or doctrines.
I will refrain from any technical discussion of the electronic
signature technologies currently available--indeed, one of the virtues
of the proposed legislation, as I will describe in a moment, is that it
rejects any prescribed technical standard or approach to the problems
of on-line authentication and signature--but instead discuss what I see
as the two basic principles of the legislation, both of which Capital
One strongly supports.
They are, first, the establishment of a national principle of
recognition of electronic signatures; and second, the adoption of what
we at Capital One call an ``open platform'' approach to technology,
allowing the marketplace to decide what technologies are best. I will
discuss those two principles in order.
National Recognition
The proposed legislation takes the essential step of establishing a
uniform rule of recognition, which we see as the keystone in a sound
legal infrastructure for electronic commerce. The current legal
environment, in which the validity of electronic transactions is
governed by state law, can fairly be described as chaotic. While a
number of states have moved to recognize electronic documents and
signatures, states have not done so in a consistent manner. Valid
electronic signatures in one state may not be valid in another state.
Moreover, some states still do not recognize electronic signatures at
all. As a result, individuals and companies doing business on the
Internet face considerable uncertainty as to the enforceability of
electronic transactions.
In fact, the single biggest problem that parties face in conducting
business on the Internet is that of repudiation. Under the current
environment, there is a significant concern that a party to an
agreement can simply deny making the agreement. The potential ability
to repudiate an electronic agreement opens the door to fraud in
electronic commerce and hinders growth in this medium. Ultimately, we
will be unable to achieve the full potential of electronic commerce
until agreements entered into on the Internet are valid and
enforceable. While those issues are also present in that older medium
of paperless remote commerce--the telephone--Internet commerce, because
of its greater speed, power, and flexibility, offers immensely greater
opportunities for abuse and fraud.
This problem cannot be adequately addressed at the state level
because of the inconsistencies in state law. Currently, state law
determines whether or not there was an enforceable contract and whether
that contract was valid. This creates significant uncertainty for
Internet transactions. For example, imagine a scenario in which Capital
One, a Virginia company, maintains a web site on a server in our
facilities in Texas and enters into an electronic contract with an
individual residing in California. In determining whether the contract
is valid, it is not clear which state's law applies. Thus, in order to
ensure that an individual or a company is entering into an enforceable
transaction, a company or a consumer doing business across the country
may need to comply with the different, and possibly conflicting, laws
of a number of different states depending on where the other parties to
the transaction are legally located. As a practical matter, this
uncertainty and duplication will increase the cost of doing business
electronically as individuals and businesses seek to comply with the
laws of all fifty states and other relevant jurisdictions or simply
forego electronic commerce at levels that they would otherwise find
desirable.
Open Platform
We also support the bill's open-platform approach to electronic
signature technology. By permitting a number of different technologies
that meet minimum standards to qualify as electronic signatures, the
bill will foster technological innovation. A number of different
signature technologies, including promising new technologies, may
easily be incorporated into the legal framework established by this
bill. This will allow the market, and not government, to determine the
viability and desirability of a specific technology. An open
environment will also keep the cost of electronic signature technology
in check by allowing a number of competing technologies to emerge in
the market without bestowing a monopoly on a single company or
technology. We at Capital One would not presume to tell you what
electronic signature technology is best; and even if we could, what is
best today may not be best five years from now or ten years from now--
or even one year from now. The proposed legislation takes the right
approach by insisting that those issues be left to human ingenuity, as
tempered in the marketplace.
Conclusion
In conclusion, Mr. Chairman and members of the Subcommittee, we at
Capital One strongly support the enactment of H.R. 1714. We believe
that it provides the best legal basis for fostering electronic commerce
and unleashing the Internet's potential to transform our economy and
the world's. We are grateful for the leadership of Chairman Bliley, the
original motive force behind this legislation, and we commend the
Subcommittee for its consideration of it. Thank you for the opportunity
to testify.
Mr. Tauzin. Thank you very much, sir.
The Chair now recognizes himself for 5 minutes, and
members, in order.
First of all, Mr. Pincus, you are aware, of course, of the
July 1997 German Digital Signature Law that seems to be very
restrictive in terms of using only digital signature
technology, and the government's August 1998 position paper on
international recognition of digital signatures reinforcing
their own law. Can you tell me how the U.S. is responding to
this very alarming direction that the government of Germany is
already taking in this area?
Mr. Pincus. Certainly, Mr. Chairman. Let me mention one set
of international developments that is relevant. Just as we are
having this discussion here, the question of promoting
uniformity has been very much an issue in Europe within the
European Union. In fact, the European Commission has proposed
an electronic signature directive that is now working its way
through their process, and is expected to be finalized sometime
toward the end of this year. It is much closer to--although not
completely congruent with--the principles I discussed earlier
and will require significant changes in the German law.
We have made it clear to the Germans that we think their
approach is not technology-neutral. It is technology-specific,
which would create real problems in global commerce. The
European Union approach is much closer to ours and more
technologically neutral. It is different from the approach we
advocate in that it provides for some government identification
of preferred technologies, and giving them a legal presumption,
which we think is not the way to go. But it is a lot closer to
where we are and would require significant changes in the
German law.
Mr. Tauzin. Andy, you have mentioned that you are not sure
yet; you don't know whether or not electronic commerce is
impeded yet by the lack of a national standard that is
technologically neutral, but nevertheless moves all the States
in the same direction. How do you know what activity is not
going on? How do you identify what is not happening in e-
commerce? We can identify what is happening. But how much is
not happening? Maybe you can jump in and help me with this,
some of you other witnesses.
It seems to me that is a hard thing to quantify. It seems
to me that if we are smart enough to pass a national standard
that is amenable to all the States, a lot of things could
happen that aren't happening today. Am I wrong in that?
Mr. Pincus. I think you are right. It is hard to know. I
think in talking to the private sector, which obviously has its
finger much closer to the pulse than we in government do, most
of the concerns that we hear expressed are in terms of what
happens if we don't get to a uniform standard soon. We don't
hear a lot of examples of people saying, ``We are thwarted from
doing something right now.''
Mr. Tauzin. Well, let's find out. Ford Motor Company
indicates, Mr. Skogen, that you are doing a lot of online
customer activities. But the customers still have to go to a
dealership, right, and sign a contract at the end of it all; is
that correct?
Mr. Skogen. That is correct.
Mr. Tauzin. Would it be helpful if, in fact, we had a
national standard so that you could do all of that business
online, including the contract? Could we end up 1 day where
customers could design their cars; order them from you online;
and the factory would build it and ship it?
Mr. Skogen. Well, I guess anything is possible.
But we do, in fact, receive requests from customers and e-
mails on trying to make the process a little smoother for them;
allow them to do as much of it from home as possible. In fact,
even some dealers today are delivering vehicles to the
customers' homes that have ordered it over the Internet.
Mr. Tauzin. Yes. So I mean that a lot more is possible if
we are wise enough to have a nice set of standards.
Let me ask you in terms of the current bill, Mr. Siedlarz,
you have made the case for technological neutrality here. Is
our bill sufficiently technologically neutral?
Mr. Siedlarz. I think it is. I think, Mr. Chairman, it is
very close. With our little sensitivity on the issue of
biometrics; the way we link biometrics to encryption; and the
growing understanding of those who have to work together, I
think that is true.
One added comment to your previous question, if I may: It
has to do with the issue of how we judge what is happening on
the Internet today. I don't think we know the true story.
Because we measure everything in terms of financial losses, for
example, and the misuse of a credit card, or having that
information stolen; we don't know, in fact, whether or not
privacy is being invaded at a significant level, and yet not
realized today by the consumer. We simply don't know the levels
of penetration.
Mr. Tauzin. You don't know how many consumers refuse to use
e-commerce until they know all this has been worked out.
Mr. Siedlarz. That is correct. I suspect that it is a large
number.
Mr. Tauzin. Mr. Curtis, let me get you to help us, too. How
deep is the concern about disavowal of transactions, right now,
repudiation, and the losses that might be incurred by companies
without a digital standard?
Mr. Curtis. Our concern about that is fairly high. We are
moving forward with a number of initiatives that will have us
more active online. But concern about disavowal, and
consequently, fraud, actually are a high-level concern with us.
They are holding up some of those initiatives that I really
don't want to talk about in detail. They are company-
confidential. We probably would be moving faster and providing
more online, Internet service sooner, if there were greater
certainty of transactions over the Internet and a more secure
legal basis for them.
Mr. Tauzin. So you have that same sense that we seem to
have. Consumers, in many cases, are going to be much more
willing to engage in e-commerce once we have some kind of
national standard established.
Mr. Curtis. Yes, I think that is true. Definitely.
Mr. Tauzin. Secretary Upson, before I leave you and go to
the members, would you give us a little clearer understanding
of the Virginia concept of the best practices center? What is
it? How does it work? What does it do?
Mr. Upson. Yes, Mr. Chairman, I would be pleased to. In
fact, I am sorry that I neglected that in my remarks.
One of the things that we are trying to do is encourage the
State agencies to--and Governor Gilmore is about sign an
Executive Order that will require State agencies to--think
about the electronic signature environment and putting up
systems that facilitate it in their contractual arrangements.
What we are establishing is a statewide, best practices
website, where agencies--smaller agencies in particular--can go
and get information on how the process works; what other
agencies are doing; and what other States are doing. This is so
we might have the ability to take advantage, without having to
reinvent the wheel, and really build a best practices center
across government that we can use for a number of information
technologies and electronic commerce initiatives. Digital
signatures is just one of them.
In fact, one of the recommendations that you might consider
is a best practice site at the Commerce Department, or an
appropriate place, for States to be able to at one stop
understand where they can go and see what the best practices
are, and find out what other States are going.
Mr. Tauzin. Interesting. Thank you very much, sir.
Finally, Mr. Engelberg, we have a number of members now. I
wanted to wait until we had a sufficient number, because I
thought this would be interesting for everyone.
Here is your digital signature on Stamps.Com, right?
Explain to us how it works. How is it secure? How is it
authenticated?
Mr. Engelberg. Sure. Each barcode is unique. Each one
contains a digital signature that is generated for that
particular piece of mail. The barcode contains additional
information like the delivery routing; zip code; where it came
from; a date/time stamp, and the amount of the postage. A
digital signature is generated by a private, cryptographic key,
which is unique to a particular user.
Before we create that key set, it is sent to the Postal
Service's Certificate Authority, where a digital certificate is
generated. That certificate's serial number is embedded in the
barcode. In the event that the Postal Service wants to
authenticate the postage, they can scan the barcode; get the
certificate's serial number; and from the Certificate Authority
get the public key to read the digital signature. If the two
match, then you know it was generated by a valid key. So, that
is the full process.
Mr. Tauzin. So, it is an encrypted system with a private
key, with the availability of the Postal Service to use a
public key to authenticate it, if necessary?
Mr. Engelberg. Correct.
Mr. Tauzin. Thank you very much.
The Chair will now yield to the gentlelady from California,
Ms. Eshoo.
Ms. Eshoo. Thank you, Mr. Chairman. My thanks to each one
of the panelists for your excellent testimony to us.
I would like to start out with Mr. Pincus. Thank you,
again, for your testimony and your good work at the Commerce
Department on the international front of this very important
issue.
My question to you concerns the section on preemption. I am
sure you would have guessed that is what I would be asking you
about: section 102 of the bill. As you point out in your
testimony, this section would empower the Secretary of Commerce
to file an action to enjoin the enforcement of State statutes
prohibited by this act.
I have two questions. First, did the Secretary of Commerce
seek this authority? Second, what effect do you believe such a
statute would have on State laws addressing electronic
authentication? Then, as a follow-up, I would like Mr.
Greenwood and Secretary Upson to also comment on the questions
and Mr. Pincus' response.
I am asking you to divvy up the time now. Those are my
questions. Mr. Pincus?
Mr. Pincus. Thank you, Congresswoman Eshoo. We certainly
did not seek this authority. As I mentioned in response to the
chairman, we are not aware that the case has been made yet that
there is a need for preemption, although it is risky. When the
chairman is making a case, you sort of always now that you are
going to get on the bad side.
Ms. Eshoo. But that is what hearings are for, so that we
can flush out the different parts of the bill; develop
consensus, and have the strongest one that is going to work
well for the country.
Mr. Pincus. No, I understand that. So we didn't see a case
for preemption at this time. I think to the extent there is
such a case, as I said in my oral statement, it seems to us
that it is a case to create a gap-filler rule until the States
enact the Uniform Electronic Transactions Act. I think that
everyone agrees, as I said, that if we could wave a wand and be
sure that every State would do that in a short period of time,
then there would be no problem, because the UETA would be a
very strong, uniform basis of national law.
That, it seems to us, is what we should be doing. Some of
the concerns that are expressed in my written testimony are
that this bill really goes beyond that goal and could create
some continuing questions about the preemptive effect of this
measure vis-a-vis any uniform State law that is enacted. That
could cause a lot of confusion about what the governing rules
are.
Ms. Eshoo. Thank you.
Mr. Greenwood. I tend to agree with Mr. Pincus. I guess I
would just emphasize one part of it. We really are, I think, at
the cusp of uniform State law in this area. National Conference
of Commissions on Uniform State Law has been almost at the end
of a multi-year process of developing the Uniform Electronic
Transactions Act. I feel like I have been privileged to be at
almost all of their drafting meetings. It is quite an
incredible process to see them go through so many interrelated
areas of State law and common law; and get down to the
fundamental interests that industry has in creating a better
legal framework; and make sure they are meeting those
interests, while also balancing other interests, as well.
Ms. Eshoo. Do you think that the States, in developing the
model legislation, would have that completed within the 2-year
deadline that I think the bill establishes?
Mr. Greenwood. That is going to be one of the areas that we
will be proffering comments on within our 30 days. The 2-year
time limit, in our view, is somewhat problematic. The
preemption balance is going to be the most delicate one in a
measure like this. A key criteria is that it allows
jurisdiction to revert back to the States, as part of our
comprehensive Uniform Commercial Code, commercial law, and
Uniform Electronic Transactions Act process. We have some
States that are not even going to be in session. They have
legislative sessions every other year. Texas, and some others,
for example.
The other issue in this is that we are talking about an
area of law which is going to be evolving over many, many
years. The markets will evolve. The technologies will evolve.
Things will come up. So long as you have States around; so long
as we have these legislatures; and we have other interrelated
areas of law, we are going to need the flexibility to maintain
the jurisdiction--and in a sense, the sovereignty--to continue
to discharge our duties to make sure those laws are appropriate
and responding to those changing conditions in 2 years, in 20
years, and hopefully, in 200 years.
Ms. Eshoo. Secretary Upson?
Mr. Upson. It is an interesting question. I would just
comment that I think that what I understand the statute does--
or is attempted here--is that uniform standard of recognition
across the country in recognizing an electronic signature is in
the interest of the citizens of every State. Of course, it is a
little moot for Virginia. We are in place, or will be within
the 2 years.
Part of me thinks--to speak as a consumer--I hope that the
States would have that in place within 2 years for the ease and
the ability to do the kinds of transactions that are multi-
State, in terms of insurance; buying a car; registering with a
financial institution, or anything. I am not sure that in the
Internet speed that our society is moving at that will be an
issue in 2 years. Maybe I am an optimist. I hope that the
national standard that this law establishes itself is in place.
I would feel differently if there were a prescription for how
we do it, as opposed to that there is a recognition that an
electronic signature is binding. I think that is the
significant part.
Ms. Eshoo. I don't think the committee has ever, in any of
its legislation, prescribed to a certain technology. I don't
think that is for the Congress to do.
Mr. Upson. No. I understand that.
Ms. Eshoo. So we agree with you there. The area that I am
pursuing, as you clearly understand, is how we marry the ``test
kitchens,'' as it were, of the States; not dampen their
creativity; develop something that is timely across the Nation;
but not trample on one another. That is the area that I am
asking you about. I am not so sure what your answer is.
Mr. Upson. I guess I don't see the trampling in the
legislation. I don't.
Ms. Eshoo. So you think that the States are being
respected? If they don't come up with something in 2 years, the
bill would impose----
Mr. Upson. I would hope that the States, in 2 years, would
have it in place. I just think that in 2 years we will be so
far along with electronic commerce, I think it is important
that----
Ms. Eshoo. This is electronic signatures that we are
talking about, though.
Mr. Upson. Well, electronic signatures I consider to be
integral.
Ms. Eshoo. You are doing your best to give me answer, and
be very respectful of Chairman Bliley. I appreciate that.
Mr. Pincus. Congresswoman, can I underline one thing that
Mr. Greenwood said, because I think it is important.
One of the problems of the 2-year period is if 10 years
from now--and this frequently happens with uniform laws--there
is an update that is done because of changes in technology, or
things we cannot even anticipate. I think the way that this is
currently drafted, it would prevent the States from coming back
with another uniform law that updated the first one. I think
that is what he was getting at. It has this continuing
preemptive effect.
Ms. Eshoo. I appreciate the comments that you have made,
each one of you. I think, Mr. Chairman, it is a section of the
bill that needs some dusting up. I yield back.
Mr. Tauzin. I thank the gentlelady. The Chair now
recognizes the gentleman, Mr. Shimkus, for a round of
questions.
Mr. Shimkus. Thank you, Mr. Chairman.
I want to first direct my question to Mr. Engelberg. Based
upon your response, you saw us all chuckling. Encryption is
part of this issue, but we also have another big issue before
us on encryption. I guess the question I want to ask, first, is
in our issue addressing the ease of export controls for
encryption products. What is role of that, in perspective? I
will just ask for your comments.
Mr. Engelberg. Well, as a company, Stamps.Com does not have
a formal position on export controls of encryption. We are
working with international postal authorities to try to achieve
a international standard, along with the U.S. Postal Service,
for the digital signature and two-dimensional barcode, so that
this form of postage can be recognized worldwide. Right now, it
is restricted for domestic use.
Mr. Shimkus. Why is it restricted for domestic use?
Mr. Engelberg. There are a bunch of reasons, mostly Postal
Service decisions. International postal authorities do not yet
have the ability to recognize that type of postage.
Mr. Shimkus. Does it depend, in any amount, on our
encryption policy?
Mr. Engelberg. I don't believe so. I would want to
investigate that further and provide a written response.
Mr. Shimkus. Also, you talked about public access and
private access of keys. Is the perception on your end as far as
mail fraud and the ability to have access to keys, both public
and private, a concern? Is it not a concern?
Mr. Engelberg. In our system, the keys that are used to
generate the postage are not actually in the hands of the user.
They are always maintained on our server. When a user logs in
and is authenticated through a proprietary authentication
process, the keys that are used to generate postage for their
unique account--their meter--are pulled from a data base and
used, within the boundary of a highly secure, cryptographic
device.
One of the concerns that I highlighted in my written
statement was that a private key in the hands of somebody who
does not know how to use it can be dangerous in that someone
could get hold of your private key and begin signing things. It
is non-reputable. That is one of the reasons we hold onto the
keys that are used to sign.
Mr. Shimkus. What if there is an issue on mail fraud and
the government? I guess the Department of Treasury would want
to address that. How would they get access to a key to follow
information--or, would they?
Mr. Engelberg. Well, one of the motivations for the system,
actually, was to combat mail fraud. Traditional postage meters
are susceptible to fraud. You can crack into them and literally
roll back the meters. So this was a way of stepping up the
security of evidence of postage.
With regard to which government agency would conduct an
audit, right now that exists within the Postal Service. The way
they would do it would be by scanning any individual mail piece
and checking the validity of the digital signature using a
Postal Service Certificate Authority, which the Postal Service
runs.
Mr. Shimkus. Okay. I think I still have some time, so I
will go with Mr. Skogen, from Ford Motor Company. Would you
please outline a few components of the transaction costs your
company may incur if it is faced with 49 different State
electronic signature laws? I don't know why it is 49. Probably
50 different signature laws are possible.
Mr. Skogen. Maybe I can respond to that from a little bit
different side, and look at some of the things that we are
looking at and doing today on the Internet that could be
affected by it.
For instance, I see several opportunities for several
applications for the Internet that we have already launched.
For instance, company-to-dealer communications through a dealer
Internet website, which enables us to communicate faster, on a
more timely basis, from one central location. Some of the
things that we would like to do on that website are going to
require some type of electronic signature.
Ford Credit offers customer account access online, which
provides 24 hours, 7 days a week secure account access for
customers. Today we have roughly 170,000 Ford Credit customers
that are using it on a monthly basis. Our purchasing
organization is analyzing warranty repairs, via the Internet,
along with our suppliers. They are pursuing a paperless
purchasing process, which includes non-production purchases of
several billion dollars a year. On the Ford supplier side, Ford
has a Ford Supplier Network they can access through the web,
which offers information and communications facilitating the
engineering process, along with online training.
Everything that I have mentioned provides additional
efficiency and convenience; but it would be more efficient and
secure with electronic signatures.
Mr. Shimkus. And much more difficult if you had to comply
with 49 or 50 different encryption possibilities.
Mr. Skogen. Yes, that is true, I guess. Whatever advances--
is e-commerce the quickest? Whether we get it from the States,
or whether we get it from the Federal Government, it has to be
uniform and it has to be soon.
Mr. Shimkus. Mr. Chairman, I yield back. Thank you.
Mr. Tauzin. I thank the gentleman. The Chair now recognizes
the gentleman from Tennessee, Mr. Gordon.
Mr. Gordon. Thank you, Mr. Chairman. Let me thank you, once
again, for your tolerance in allowing a little flexibility here
today.
As I had mentioned earlier, last year the House passed the
Government Paperwork Reduction Act. I have introduced
legislation to try to bring that to a head. That act required
that, by the year 2002, the various Federal agencies would be
able to communicate with electronic signatures with their
constituents; but it has really set up no guidance. You could
wind up getting into a situation where, because of
interoperability within an agency, or between agencies, you
could have even a more difficult time trying to communicate
than before.
So what our digital signature legislation does is sets up,
or dictates, or directs NIST, which is the National Institute
of Standards in Technology, to establish some minimum,
technologically neutral standards so that the different
agencies will be able to by off-the-shelf products and have
interoperability. That was the objective. I have vetted it
extensively with the private sector, all on a positive basis,
if anything they say goes beyond this in having authentication
beyond just electronic signatures. I have tried to make this
available to all of you. I don't know whether it has worked its
way up through the food chain or not.
I am going to break the cardinal rule of a lawyer and ask a
questions that I don't know the answer to. I will start with
Mr. Pincus. The ones of you that have had an opportunity to
review this, any kind of feedback that you might give, give
please.
Mr. Pincus. Certainly, Congressman Gordon. Let me say,
first of all--maybe a little parochially--we are very proud of
NIST at the Commerce the Department, and its expertise in the
computer area, among many other areas. We think it does have a
role to play.
I think our question involves how this legislation would
interact with last year's, because we think last year's
legislation is working. Agencies are moving forward with the
process of moving online, and adopting authentication methods
that work for whatever their particular interaction with
customers or constituents is. I think we would be interested in
working with you to provide a way so that agencies, as Mr.
Upson said, have access to the resources so they know what is
out there in the marketplace.
Where we get concerned is the idea that there can be a
single solution or set of solutions for standards problems in
the government. Just like in the private sector, there are
different kinds of authentication and different levels of
security that may be appropriate for different kinds of
government/non-government interactions. So we are leery of an
approach under which there can only be one digital signature
that you can use for all your interactions with the government,
because that is not how the agencies are going. As I said,
their missions and their various interactions may require
different levels of security. Obviously, it is very high for
Treasury in its dealings with financial institutions; and it
may be much lower if it involves just filing an informational
form that does not carry the same consequences if things are
mishandled.
My overall reaction is that we would, obviously, be very
happy to work with you in moving this forward.
Mr. Gordon. Well, our objective is not to look for one
standard. Our objective is to, again, allow a minimum standard.
I know that at home we have 95 counties in Tennessee. We,
some time back, tried to get them all to take their election
commissions and get them computerized. Well, each election
commission got the cheapest thing they could find. There was no
interaction between them. We are having to start all over.
So, there are number of, I am sure, good products there.
What we want is for agencies to know which ones can be
interoperable and where you go out on-the-shelf and purchase
them. Anyone else?
Mr. Pincus. I should say that on the off-the-shelf point we
are very focused on the idea that we shouldn't be looking to
create special products or technologies for government. What
government agencies should be doing is looking at what is out
there in the marketplace and picking something that works for
them.
Mr. Gordon. Trying to keep within our time. Anyone else?
Mr. Upson. Just a quick observation. I am not real familiar
with the legislation. As you describe it, there is also, under
the Information Technology Management Reform Act that Congress
created and the President signed, a chief information officer
apparatus, where you have the agencies with the knowledgeable
people. I forgot what the mechanism is in that bill, but they
meet regularly as you know.
Mr. Gordon. I think it is the OMB.
Mr. Upson. Yes. And each agency has a representative. That
might be very useful.
Mr. Gordon. We are trying to work with them to, again, find
that continuity.
Anyone else?
Mr. Siedlarz. Congressman, one other quick response. I
wanted to make you aware of the fact that there is a
significant movement within the industry to find application
program interface standards that all companies and all
technologies can meet, up to a certain line, for a kind of
handshake that would make them interoperable.
One of the most significant ones is an ad hoc organization
called BIOAPI. Most of the major computer manufacturers, as
well as significant participants in the biometric industry are
involved in the development of those standards. Before the
government steps in and attempts to adopt a standard, even a
common denominator one--which I think is admirable--I think the
product of those industry groups would be useful, first.
Mr. Gordon. If you could provide me with the name of that
organization and how to contact them, it would be helpful.
Thank you.
Mr. Siedlarz. I would be happy to do that.
Mr. Greenwood. If I may take a stab? I had an opportunity
to review the legislation. One of the sections of it that I
thought held a lot promise to be assistive was the panel. I
think it was the last section. A number of States have been
struggling with the same questions. How do we organize? How do
we standardize? How do we ensure interoperability among our
usages of electronic authentication; and in particular, the
usage of certificate authorities, certificates, and digital
signatures?
I would be happy to make available to the committee in part
in response to your question a draft guidelines document which
we came up with collaboratively with some Federal agencies, and
mostly with some private-sector entities through the National
Automated Clearinghouse Association. It is something called
``The Certificate Authority Rating and Trust Guidelines.'' We
opted in the end of the day for no central standards from any
given organization, or even a consortium of organizations. But
rather at this stage, since we are still in an early phase of
development of the technology and the business model supporting
the this technology; we opted to give some guidelines for
bottom-up standards through watching best practices emerge:
contracts, operating rules, and things of that nature.
The only other observation I make on the bill, which maybe
deserves some more review, is that it does seem to have an
underlying assumption that the usage of certificates will be
part of a trusted third-party certificate authority model. Our
review of this document in the natural organization seemed to
indicate that the business models are developing more in line
with a so-called ``closed system,'' or a bounded system, where
the organization issuing the certificates for use is actually
one of the two parties themselves. So it may be that your bank
is issuing you a certificate. It is not some third-party
certificate authority. That is something that might bear some
more analysis in your bill.
Mr. Gordon. I think within the Federal Government you are
going to be dealing with constituents more than business. There
is some business-to-business; but there are also going to be
individuals that will not have that ``in-house'' ability.
Mr. Skogen. I would like to just make one quick comment
here. We see H.R. 1714 as the first step in establishing
acceptance of electronic signatures nationwide. We do support
anything that advances uniform standards, such as H.R. 1572.
I mean, if the Federal Government can be used as a model
for widespread usage, I think that is great. But we think that
the industry-based standards for certification authorities
would be better for business.
Mr. Gordon. Thank you, Mr. Chairman.
Mr. Tauzin. I thank the gentleman. The Chair is now pleased
to recognize the gentleman from Oklahoma--who, in e-commerce
jargon, may not have been much of a sender, but is one hell of
a receiver--Mr. Largent.
Mr. Largent. Mr. Pincus, for many at the Commerce
Committee, can you give us any idea what the number is in terms
of dollars that is being conducted today in e-commerce in this
country?
Mr. Pincus. In my written testimony, I have some numbers.
The projections are overtaken when we get to reality, so the
projectors go up another notch.
The forecast that we are hearing is that online retail
sales will be about $40 billion by 2002. And all e-commerce
activity, including business-to-business which is obviously a
much larger amount, could be up to $1.3 trillion, in around
2002-2003.
Mr. Largent. What would you estimate that it is in 1999?
Mr. Pincus. I think in 1999, the online--the Christmas
retailing--was in the $7 to $9 billion range. I am not sure
what the number is for online business-to-business. It is many
multiples of that. The business-to-business transactions are
moving ahead much quicker than retailing.
Mr. Largent. So, $12 billion; $20 billion?
Mr. Pincus. I think maybe in the upper range; around the
$100 billion range.
Mr. Largent. One hundred billion. That is all electronic
commerce? I am trying to compare your numbers. In 2002 you said
$40 billion.
Mr. Pincus. No. The all-in number was $1.3 trillion.
Mr. Largent. Right. Okay, that is right. So, $100 billion.
We are anticipating that to grow by twelvefold in 2002.
Mr. Pincus. I think the growth rates are very high.
Mr. Largent. Okay. Do we have any idea what kind of abuse
has taken place today, because of the lack of verifiable or
uniform electronic signature laws in this country? How much are
people stealing--Visa Card numbers, and so forth? What kind of
abuse is taking place today?
Mr. Pincus. I don't think we know. I actually think that,
even if we had a signature law, even if the Uniform Electronic
Transactions Act were enacted today, that still would not
provide a means of paying for most consumers goods. I think in
the foreseeable future for consumer transactions, there is
electronic money and perhaps other innovations that are a bit
further off in the future. I think people anticipate that
credit cards are going to be the method of payment for consumer
transactions in the near and medium term.
Credit card companies, themselves, have been developing
some kinds of security mechanisms to be sure that credit card
numbers aren't misused. But as some people have pointed out, if
you give someone your credit card in a restaurant, it passes
through a lot of hands. The opportunity for people, if they
have a fraudulent frame of mind, to get the number and misuse
it is not that different from someone's catching the number
electronically. A person with fraud in mind, if they get into
the stream, can obviously catch a lot more numbers and may have
a bigger opportunity for fraud. But I think the credit card
companies are very focused on this problem, since they bear the
burden of the fraud and are figuring out ways to prevent it.
Mr. Largent. Do you hear from the States very often in
terms of the dollars that are conducted through electronic
commerce that escape State taxation, or even cities and
municipalities?
Mr. Pincus. I am privileged to be Secretary Daley's
representative on the Internet Tax Commission. So in preparing
for the first meeting of that Commission, which is going to
take place in Williamsburg on the 21st and 22nd, I have been
hearing a lot of information from States and localities about
their concern that there may not be a tax collection mechanism;
and what that might mean for their revenue base.
Mr. Largent. Yes. So I am asking that question, because one
of the issues is States' moving forward with their own
legislation on electronic signature. Would the fact that they
are losing taxes, because of electronic commerce, be a sort of
cold blanket on them out of wanting to move forward
expeditiously within a 2-year window, or whatever, on doing
something themselves? Do you understand what I am saying?
Mr. Pincus. I understand what you are saying. I guess I
haven't heard that. Because of the economic growth potential of
electronic commerce for our country and for each State, I think
there is much more of a policy and political imperative for
States to do things that facilitate the growth of electronic
commerce, even if it may, as you say if this other issue isn't
solved, have an adverse revenue effect on them.
What we have heard is much more of an interest in doing
things to help e-commerce grown, and then figuring out a way to
deal with this tax issue.
Mr. Largent. That is what I hear, too. It does flow both
ways. In other words, you can open up your own electronic shop
in your State, and have people buying products from your State,
as well.
Mr. Siedlarz, I just wanted to ask you a little bit about
your company and how that works. What would I have to have to
have on my laptop in order to do that iris deal? Everything
that I would need, do I have it on my laptop right now?
Mr. Siedlarz. Pretty much, except that the only other
peripheral that you would need, Congressman, is a small
imager--a camera--that sends either the iris code itself, or
the image for processing on the laptop, and resident software
on the laptop that would do the processing and comparison.
Mr. Largent. Does that have to have that broad-band, high-
speed Internet capacity?
Mr. Siedlarz. Well, it doesn't. There are two different
version of it that we are working on now. One can send a very
low bandwidth of 4 to 6 frames a second. Another version sends
30 frames a second, but you are doing the processing in the
imager. So, it depends on where you are doing the processing.
Mr. Largent. Mr. Engelberg, my last question is to you. You
were explaining, a little bit, about your electronic signature
on your envelope. I have to tell you that I honestly did not
understand one word you said. Can you kind of just tell me what
business you are in? What the heck do you do with this,
Stamps.Com? I don't have a clue.
Who are your consumers? Do you just work with the general
public? What would I buy from you? What is your business?
Mr. Engelberg. Yes. Our service is designed to provide
postal convenience. We basically replace the postage meter. We
make it possible for you to print postage off your desktop
printer, using your laptop with nothing added; 24 hours a day,
7 days a week. We do it with a system of cryptographic keys on
our servers that generate digital signatures to make each stamp
unique. There is a digital signature in every barcode, in every
stamp.
Mr. Largent. And the Postal Service has to read that
digital signature?
Mr. Engelberg. The Postal Service can read it to audit the
process to determine the authenticity of the stamp. When they
read the barcode, they can pull out the digital signature and
validate that with the public key they have on their
Certificate Authority.
Mr. Largent. Okay, I got you now.
Mr. Engelberg. I will stop there.
Mr. Largent. Yes. Don't give me too much information.
Thank you, Mr. Chairman. I yield back.
Mr. Tauzin. Otherwise you might go postal on us.
Thank you, Mr. Largent. The Chair is pleased to recognize
the gentleman, Mr. Sawyer, for a round of questions.
Mr. Sawyer. Thank you, Mr. Chairman. Every time we talk
about the electronic environment, one of the things that I try
to do is to think back to the fundamental underpinnings of any
process of law that might have preceded the environment that we
are working in, and recognize that many of the protections that
are offered in conventional environments really ought to apply
in a more technological one.
Today we have been talking about interoperability and
verification of signatures. We have touched a little bit on
sanctions. But I am struck by the Virginia precept that
suggests that, ``Where any Virginia law requires a signature,
or provides for certain consequences in the absence of a
signature, that law is satisfied by an electronic signature.''
I would really like to ask you to talk a little bit about
sanctions for falsification, or failure to perform as agreed
over a legitimate signature at both ends of a transaction. I am
particularly interested in the Federal law enforcement
standards. We have talked about postal standards, but I am not
sure about postal fraud: everything from bouncing checks and
the IRS, and the way that has been used for enforcement.
So what I would like to ask each of you is, thinking in
terms of both a multi-State and trans-national settings, are
there special places that we ought to look for pitfalls that
are unique to this environment in terms of enforceability and
comfort levels with sanctions, and guarantees of privacy and
security? It seems to me that if trust is at the core of a
signature, that becomes particularly important when we are not
only talking about the electronic environment, but the playing
field, both multi-State and trans-national. Mr. Pincus? Mr.
Upson? Special pitfalls that we need to look out for.
Mr. Pincus. Well, I think one you mentioned is, certainly,
privacy. We have taken the position that we should look for the
private sector to lead the way on privacy protection.
Certainly, one thing that we believe is important is that
authentication providers have good privacy practices that are
up to the level of the good online privacy practices that we
have talked about elsewhere. I think that most of them do. That
is clearly important. Because it is possible that with some
forms of authentication, the authentication provider would have
a lot of information about an individual's transactions that
the individual might not want to be sold, or might at least
want to exercise a choice about whether it could be marketed,
or mined by data miners. Certainly, we think that allowing such
choice is a good practice. We have not advocated government
solutions to this problem, because we think the private sector
is moving to do that. I think that is the right approach.
I think as a general matter, although electronic commerce
technology is very different from that used in international
commerce, it may be inappropriate to have special protections
for electronic transactions differing from those we have in the
physical world. We have general commercial contracting rules.
We also have special consumer protection rules--
unconscionability, and things like that--that apply to consumer
contracts. You would certainly want to be sure that those
things applied in cyberspace, as well.
There are some kinds of contracts in the physical world,
with respect to which we require special formalities: wills,
for example. One would certainly want to provide that is also
true, to the extent that there will be electronic contacting,
that there will be a form of authentication in that context
that has special assurance, because we insist on that in the
physical world.
I think as of now, we don't see the need----
Mr. Sawyer. I don't want to run out of time.
Mr. Pincus. I am sorry. Other than translating current
rules appropriately for the online world, we don't see the need
for some special, overall new rules in electronic contracting,
because we are concerned about how that might tilt the market.
Mr. Sawyer. Mr. Upson, would you be comfortable enforcing
Virginia's laws based on signature in a multi-State or trans-
national setting, based on the kinds of protections that you
have available?
Mr. Upson. Well, I guess I would look at from this
perspective: I think that what we have tried to do in Virginia
is not create any new laws, necessarily; except for unsolicited
bulk e-mail, where we have a unique statute. Really, if it is
fraud in the non-electronic world; it is fraud in the
electronic world.
We have tried to ensure that our statutes do exactly what
Mr. Pincus said: to ensure that our statutes recognize that
fraud is fraud. If you falsify information electronically; once
that is recognized, it is a crime. We actually have a program
to train law enforcement professionals in cyber-crime. I guess
that is the way to look at it. Really, we try to say that our
whole premise is--I think it is yours, too, in this
legislation--that crimes are crimes, whether they occur
electronically or not.
Mr. Sawyer. I agree with that. I am looking for special
circumstances that we ought to be particularly alert to.
Mr. Upson. ``Spam,'' I think we have looked at. We have
attacked it. We have created a cause of action. There are
companies that engage in spam as a matter of business and pay
fines that are set up. We have made it very expensive now, in
Virginia. That is unique to the Internet.
Mr. Sawyer. Mr. Skogen?
Mr. Skogen. Yes. I am really not the right person to
respond to that question, but would be happy to get back to
you.
Mr. Sawyer. Good.
Mr. Greenwood. In Massachusetts, one of the first things
the Weld administration did in the early 1990's was to create a
computer crime commission, which analyzed our entire body of
statutory and common law crimes to see whether they were
adequate for even what we were seeing then as our emergence
into an information age. I think the results at that time
really still hold true today. Largely, our existing body of
laws was adequate to handle the types of crimes, fraud and
other misdeeds, that we saw developing. The exception is that
we have to keep asking the question.
So our approach is to remain on the lookout; to continue to
have hearings like this; and continue to ask and make targeted
reforms, as needed. I think we clarified a couple of things to
just make it painfully obvious for our prosecutors as they made
the case that larceny includes electronic property, and so
forth. So we made a couple of small tweaks--arguably not even
necessary.
Mr. Sawyer. Others? Thank you, Mr. Chairman.
Mr. Tauzin. Thank you, Mr. Sawyer. The Chair is now pleased
to recognize the gentleman from Illinois, Mr. Rush, for a
round.
Mr. Rush. Thank you, Mr. Chairman. Mr. Chairman, I want to
also commend you for patience, and commend the witnesses for
their patience. I know this has been quite a long hearing. I
just have a couple of questions for Mr. Siedlarz.
This technology to verify someone's identity through their
physical characteristics is pretty fascinating to me, and I am
sure to others. You can accomplish this through the use of
computers and other enrolled data?
Mr. Siedlarz. There is a broad range of technologies, Mr.
Congressman, that do that. In fact, maybe 115 different
versions are available in the world today.
Mr. Rush. Who would take advantage of this type of
technology?
Mr. Siedlarz. That question somewhat talks to the previous
one from the Congressman about the issue of what we should be
concerned about. The truth of the matter is that the new
technology today has a capability of verifying an individual in
a much more positive way that the previous signature--the human
signature--ever did. To the degree that Federal law is not
comprehensive enough to protect that from those who would
attempt to steal and counterfeit even the electronic version of
that today, we need to do something about that. As the business
on the Internet increases and e-commerce increases, clearly,
the threats against the electronic means of using technology to
prove identity, or verification, or authentication are going to
come under more serious attack. Anything made by man will
ultimately be defeated by others.
Mr. Rush. Is this technology aimed a particular, narrow
group of people?
Mr. Siedlarz. No. The best biometrics whole purpose is to
be absolutely useful in the general population. To the degree
that segments would not be available, then the technology would
be inherently flawed for use in electronic commerce.
Mr. Rush. When you indicated that you can verify someone's
identification through the pupil of the eye----
Mr. Siedlarz. The iris of the eye.
Mr. Rush. Are you going to have that information? How would
you gather and collect that information?
Mr. Siedlarz. That is a good question. Well fundamentally,
an image of the eye is taken and it is immediately converted
into a digital code. Then that is translated through a
relatively sophisticated process into what we call an iris code
and stored into the computer as 512 bytes of information. There
is no way that if you take that hexadecimal code of 512 bytes
that you could recreate the iris, or recreate anything that
looks like that original image. That information is
essentially, absolutely useless to anyone other than the system
of crossing a firewall and liking that image to an identity
code.
Even IBIA, as an organization, has taken a very strong
stand in being proactive about privacy, the ethics of privacy,
and the use of rules maintaining privacy within the biometrics
industry.
Mr. Rush. How would you collect it, though?
Mr. Siedlarz. Enrollment. You would look in a camera. The
code is created.
Mr. Rush. So you have consumers just lined up.
Mr. Siedlarz. It is a voluntary situation, exactly. There
are tests going on now; pilots in banks both in Europe, the
United States, and elsewhere, where people voluntarily submit
to enrollment--to get a picture taken, essentially--using
camcorder technology and to have that code created. It gives
them a great convenience. It protects their accounts. It,
frankly, protects their privacy in ways that it never did
before.
Mr. Rush. This is my last question. Are we approaching the
day when there would be a national or international data base
of pupils on file?
Mr. Siedlarz. Some of us might wish so from a business
standpoint. I don't think that, practically, that any one
technology is going to capture the world market or the world
use. We think some are better than others. But the issue of
interoperability is really what is important here. Whatever one
you use, there is a way for them to ultimately speak to each
other, and serve the purpose that we need in society.
Mr. Rush. Thank you. I yield back, Mr. Chairman.
Mr. Tauzin. Thank you, Mr. Rush. I think it is fair to say
that before you have a contract, you have to see eye-to-eye,
anyhow.
It will all work out, somehow. I apologize.
The Chair is pleased to welcome the very patient lady from
Missouri, Ms. McCarthy.
Ms. McCarthy. I thank you, Mr. Chairman, for this hearing
and your foresight. I would like to remark, in follow-up to Mr.
Rush's comment on international, that last October I was
sitting in the Dublin, Ireland, Silicon Valley area in the
Gateway Facility there observing Prime Minister Ahearn and
President Clinton sign a trade agreement from their laptops
with their secure id's. So there are huge international uses
already for this technology of the virtual signature.
Mr. Chairman, the President noted that while he is somewhat
new to the technology, this virtual signature could potentially
lead to a ``virtual president;'' and thought we ought to
probably debate larger, philosophical questions while we
grapple with the practical issues today of State and Federal
authority.
It is almost like being at the top of a really snowy hill.
The toboggan is heading down. You know it would be a great
ride, but you are not on it. You are running after it.
I feel a little be breathless about this whole
conversation, because it is happening. We are today trying to
grapple with how to do it well, so that it happens with the
safety and security that we all seek.
I must confess to the panelists I am a product of State
government: 18 years in the Missouri legislature before joining
this august body. So the question of preemption of any State
law is real to me. My State, Missouri, in 1998 did pass the
Missouri Digital Signatures Act, that our Secretary of State is
implementing. It is modeled after Utah law. I know a lot of
States are grappling with this.
So in this issue of State preemption, H.R. 1714 would
preempt any State law that is not consistent with the bill;
even if the State law is passed within the 2 years that the
National Conference of Commissioners is working in, as well as
any laws that are already on the books, like in my State of
Missouri. Do you believe there is any risk that the uniform law
that you are contemplating could be construed as inconsistent
with H.R. 1714, and thereby render this entire, intensive
effort invalid? I know my State will have to reflect on its
current law; look to the Commission's work; and adopt and make
changes.
If we pass this law, H.R. 1714, what if the Commission's
work is invalid? Mr. Greenwood, could you reflect on that? I
would love to weigh-in anyone else's thoughts.
Mr. Greenwood. Thank you very much for the questions. It is
very gratifying to see an alumna from the State legislature for
so many years in this august body.
I think your concerns are really right on. There is clearly
a need on the one hand to get a national baseline soon.
However, that cannot rule to the exclusion of an equally
important need not to unduly disrupt these areas of State law
and the emerging State laws.
To zero in on your specific question, one of the areas that
ought be looked at as this bill is honed through the process is
section 102[b][1] and [b][2]. There are several areas, but let
us talk about [b][1], for a moment. It would require that a
State law that is enacted to basically revert the jurisdiction
back to the State within this period of time must meet this
requirement: that it not discriminate in favor of or against a
specific technology, method, or technique of creating, storing,
generating, receiving, communicating, or authenticating
electronic records or electronic signatures.
That sounds good in the sense that it is technology-
neutral, which is what we want. I do believe the Uniform
Electronic Transactions Act, which we are primarily talking
about now, is largely technology-neutral. However, in the
particular implementation of many particular areas of law; you
do have to start talking about specific technologies in a
consumer protection stance, for example, as we start amending
our lemon laws to allow people to buy their cars at home.
Right now, Massachusetts has a requirement that there be a
disclaimer of various warranties, and other notices placed on
the windshield. That is a paper requirement. It is based on a
known business model, where a consumer goes into the lot. They
see the notice, and so forth. It is a media-specific
requirement.
As we start transforming our business models to allow these
things to occur online, when you don't have a consumer walking
onto a lot and looking at a windshield before they make a
decision; at some point we are going to have to say something--
some sort of equivalent language like, ``Must appear on a
screen,'' or something.
Similarly, with securities regulation and many other areas
of law--banking and on down the line--where there is consumer
protection and other media-specific protection for notices and
conspicuous terms in place; at some point the State
legislatures and law makers at every level of government will
have to come up with equivalent types of standards. That is by
definition; discriminating in favor of, or against, a
particular implementation. The trick here is going to be making
sure that you allow us to responsibly apply the same kinds of
jurisdiction that we have over commerce and other areas of law
now, in the information age, without having an inconsistent or
an undue impediment to interstate commerce. I think that will
be the trick.
Ms. McCarthy. Mr. Chairman, would you indulge me a follow-
up question?
I thank you very much for those thoughts. I think they are
right on point.
Mr. Greenwood. Thank you.
Ms. McCarthy. I would like to know from Mr. Skogen, Mr.
Curtis, and Mr. Siedlarz, if your industry has been involved in
the drafting of the Uniform Model Code?
Mr. Curtis. No, we have not.
Ms. McCarthy. Oh, yes, Mr. Siedlarz?
Mr. Siedlarz. Same answer.
Ms. McCarthy. You have not. Mr. Skogen?
Mr. Skogen. Apparently, we do, in fact, have State
representatives that have been involved in doing that.
Ms. McCarthy. Okay. Well, Mr. Pincus, are you concerned
that your efforts in this area could be for naught if the model
is effectively preempted?
Mr. Pincus. Well, we have concerns, as I said earlier and
laid out in my written testimony, that we not do anything that
would lead to controversy about whether the UETA, once it is
enacted by the States, provides the governing law; and that
there not be a lot of controversy about whether its provisions
are preempted. Obviously, such controversy creates the very
uncertainty that everyone is trying to remove.
So that is why in our view, to the extent there is to be
any intervening Federal law, the best approach is to design an
interim gap-filler until the States adopt the UETA. Then the
Federal law would fade away. It literally would exist only to
fill that gap to the extent that the subcommittee decided there
was a gap that needed to be filled; it would not be a
continuing Federal overlay on the State law that is eventually
adopted.
Ms. McCarthy. Well, I think that makes a great deal of
sense. In fact, there is language in H.R. 1320 that I think
attempts to achieve what you just articulated with regard to
this issue of preemption. I would hope that this subcommittee
would take a look at this particular point. I know, Mr.
Chairman, others before me have raised the concern that when we
enter this arena, we do so with the most study and the most
well-chosen words so that we don't find out at the end of the
process that all was for naught, and we are back to square one.
This technology is taking off without us, like that toboggan
down that snowy hill.
Mr. Pincus, you expressed concern, in your testimony that I
have before me, about the bill's provisions requiring
electronic signatures to meet reasonable requirements. I think
that is appropriate. How might this provision lead to problems
in the interpretation that covers the impact of the viability
of the model code, or the model bill?
Mr. Pincus. Well, as I mentioned, the real model of
authentication that businesses are using now are these closed
systems that are set up contractually, in which people pick
whatever authentication regime works for the level of business
and level of security they need.
Our position, and it is also a position that has been
adopted by the drafters of the model law, is that those
agreements should be enforced. Therefore, if that
authentication method is used subsequently, those contracts
should be legally binding. Our concern is that the use of the
word ``reasonable'' would provide a basis for a judge to say,
``Well, I don't like the authentication method that these
parties chose for their transactions; so none of them are
legally enforceable.''
Especially internationally, where there will be different
domestic legal regimes, we think the contractual method is
going to be the way cross-border transactions will be
facilitated. We don't want to have a U.S. model that allows
judicial second guessing or to have such a model adopted by
other countries.
Ms. McCarthy. I appreciate your involvement in this
process. I understand the National Governors' Association is
engaged in it, as well, with the National Conference. I would
hope the National Conference of State Legislatures would be
included, because an awful of lot these States have measures
already enacted. It is imperative that those voices be at the
table as well.
Mr. Chairman, you have been so gracious and kind. I thank
you for extending this time for me.
Mr. Tauzin. Well, I beg to differ. I have never met anyone
more gracious than you, Ms. McCarthy. I thank you for that.
Let me thank you all, in fact, for your patience and your
kindness in educating us. I have always called this one of the
best universities in America that we attend. We have a chance
to do what Mr. Largent did, which is to say, ``Do that again so
I can understand it.'' We learn. You have taught us a lot
today.
Let me point out, Ms. McCarthy, that one of the problems we
have in this debate we are going to have over preemption is the
fact that there are a number of States who have adopted
``digital signature only,'' and authentification technology
``certified by the State only;'' which runs counter to the
technology-neutral concept that is embodied in this bill. For
example, the biometrics concepts of iris identification would
not be allowed in a number of these State jurisdictions because
of the fact that is not an authentication technology approved
by the State. It is not a digital signature technology as
required by the State.
So we are going to have a little difficulty in working that
out. I think the best admonition is that we do it in a way that
sets a national standard, but doesn't preclude improvements
that the Uniform Code authorities eventually might want to
bring to States and to the national government in the future,
as technology continues to teach us that there are different
ways to do things than the way we did it yesterday.
Let me finally say that it was a learning lesson for us
that some of you asked that we e-mail our invitations to you to
come to this hearing today. We had to--regrettably--inform you
that we couldn't do so because we could not authenticate the
source of that e-mail; and you might not, therefore, have been
officially invited to attend here today. Next time, perhaps,
when we invite you we will have a system in place where we can
communicate with you; and in this e-commerce world,
authenticate who we are. You can authenticate your identities
to us. We can maybe establish a hearing in cyberspace where you
will not even have to get through the traffic jams in Northern
Virginia, as Mr. Upson did, to be with us.
Thank you very much for teaching us today. The hearing
stands adjourned.
[Whereupon, at 12:10 p.m., the subcommittee was adjourned.]
[Additional material submitted for the record follows:]
Prepared Statement of the Business Software Alliance
Introduction
The Business Software Alliance (BSA) appreciates the opportunity to
provide our views on H.R. 1714, the ``Electronic Signatures in Global
and National Commerce Act'' (E-SIGN). BSA's members represent the
fastest growing industry in the world, and are leaders in the
development of products and services that support electronic commerce
and enhance consumer convenience. BSA's worldwide members include
Adobe, Attachmate, Autodesk, Bentley Systems, Corel Corporation, Lotus
Development, Microsoft, Network Associates, Novell, Symatec and Visio.
Additional members of BSA's Policy Council include Apple Computer,
Compaq, IBM, Intel, Intuit and Sybase.
Facilitating Electronic Commerce
Electronic commerce is the American success story of the decade.
The value of commercial transactions taking place on the Internet is
expected to double, even triple, annually as consumers and businesses
grow to understand the vast communications and commercial potential of
the Internet as a medium of commerce. According to Forrester Research
Inc., business-to-business e-commerce is expected to top $1.3 trillion
by the year 2003. Consumers are also increasingly purchasing goods and
services online. Forrester Research estimates that consumers spent $8
billion in 1998 on the Internet, buying books, CDs, clothing and other
items.
The growing electronic marketplace provides unparalleled
opportunities for economic growth worldwide. However, the willingness
of both consumers and commercial firms to engage in electronic
contracting and other critical aspects of commerce online will depend,
in large measure, on reliable, well-developed legal structures
governing the formation of electronic contracts and the rights of
parties thereto. It is an unavoidable fact that parties will be
deterred from contracting and fully utilizing the commercial potential
of the Internet if the governing legal rules are uncertain and thus
their risks unascertainable. This is especially true in the online
world that knows no geographic boundaries. Such an environment places a
premium on harmonious legal structures that do not depend on state or
international borders, allowing parties to form electronic contracts
without undue concern as to their validity and enforceability. The need
for certainty in the governing legal rules of e-commerce goes well
beyond the ability to ``contract'' electronically. For example, users
of design and architectural software would gain tremendous efficiencies
if professional engineers were able to electronically ``seal'' drawings
by virtue of a digital signature. This would be the functional
equivalent of placing a stamp on the physical drawing signifying that
this person, with expertise, has signed off on the drawing. A
consistent set of rules relating to electronic signatures is required
for this to ever become a reality.
This goal is threatened by a dizzying array of state legislation
governing electronic signatures. These state laws and policies range
from highly detailed, prescriptive statutory regimes to very general
enabling statutes. If parties are left with no alternative other than
to navigate a maze of potentially inconsistent and inadequate state
laws, the growth of a seamless and frictionless electronic commerce
marketplace will be thwarted. Although the Uniform Electronic
Transactions Act (UETA)--a long-running effort that seeks to provide a
common model electronic signature law for the states' consideration--
will receive final consideration at the July, 1999, meeting of the
National Conference of Commissioners on Uniform State Laws (NCCUSL),
the prospects for comprehensive, consistent and timely action by all
fifty states with respect to UETA remains uncertain at best.
Federal legislation is therefore necessary to bring certainty and
reliability to electronic transactions, thereby encouraging greater
confidence in electronic commerce. This is not simply an important
consumer issue; it is an important business issue. Consumers may be
willing to conduct small transactions in the online environment despite
the uncertainty regarding their legal rights and the effectiveness of
their actions precisely because their transactions are of small value.
Businesses, however, will be more reluctant to undertake large
transactions online unless the rules governing their transactions are
reasonably well developed and understood. In the end, online commerce
has to encourage business-to-business transactions if it is to achieve
its full potential.
The development of appropriate rules to foster online commerce in
the United States has real import for the competitiveness of our
economy. Europe, for example, is rapidly moving to put in place a
detailed EU directive on electronic signatures, and the United States
cannot afford to fall behind with respect to the development of a
coherent, effective legal structure that supports and fosters online
commerce. Electronic commerce will achieve its potential only if
governments domestically and around the world create sound legal
structures that bring certainty and predictability to electronic
transactions so that electronic commerce can become a secure,
ubiquitous and global marketplace.
Comments on the ``Electronic Signatures in Global and National Commerce
Act'' (H.R. 1714)
BSA supports H.R. 1714, and views it as a very positive step
forward in developing an effective legal structure for online commerce
in the United States. H.R. 1714 is consistent with a number of basic
principles, outlined below, that BSA considers essential to support
electronic contracting. However, in two limited respects, BSA believes
H.R. 1714 should be clarified to afford parties true flexibility in
electronic contracting, and enable all forms of electronic signatures
to thrive in business-to-business electronic commerce.
(1) Technology Neutrality. BSA considers it essential that federal
electronic signature legislation be technology neutral. No one knows
precisely how electronic signature products will develop. However, all
agree that the market will demand a variety of products and services
offering varying levels of cost and security, and that users will
select the appropriate mix of cost and security based on the value of
the particular transaction. To ensure that industry can provide
electronic signature products and services that meet the whole range of
consumer needs, the regulatory framework must be sufficiently flexible
to permit and recognize new signature technologies so as not to stifle
innovation. H.R. 1714, which does not mandate or provide legal or other
advantages to certain technologies, is consistent with this important
principle.
(2) Non-Discrimination. Federal electronic signature legislation
should ensure that electronic signatures, and the contracts and records
to which they are attached, generally are not subject to rules and
requirements that are more onerous than those applicable to traditional
signatures and contracts. Any exceptions to this basic principle of
non-discrimination should be narrowly drawn and clearly defined. H.R.
1714 appropriately advances this principle, drawing narrow exceptions
only for rules relating to wills, codicils or testamentary trusts, and
to adoption, divorce or other matters of family law, all of which BSA
finds acceptable.
(3) Market Driven Technical Standards. Federal electronic signature
legislation should not impose mandatory technical standards regarding
electronic signature products or extend legal benefits only to
signatures generated by products meeting certain prescribed technical
standard. Although some standardization may benefit consumers, the
information technology sector has been very successful in developing
necessary technical standards through consumer choice and industry
consensus. Such market-driven standards fully respond to consumer
demand and avoid the rigidity of government-imposed, mandatory
standards that would inevitably impede technological development,
distort markets in electronic signature products, and ultimately
restrict consumer choice. H.R. 1714 is consistent with this principle
in that it does not impose any technical standards for electronic
signature products.
(4) Closed System and Limited-Use Certificates. Federal electronic
signature legislation should be drawn broadly enough to give legal
effect to electronic signatures that are used in closed systems or that
are accompanied by limited-use certificates. In both instances, a
signatory is allowed to access information, utilize services or engage
in particular transactions based on a preexisting relationship between
the signatory and the recipient (e.g., employment of the signatory by
the recipient; signatory's membership in a buying cooperative operated
by recipient). As a result, the signatory and the recipient are fully
aware of the limited permissible uses of the electronic signature and
any accompanying certificate. It is anticipated that the use of
electronic signatures within closed systems and with limited-use
certificates will be major component of electronic commerce, and
therefore it is vital that electronic signatures be given full legal
effect and recognition in such contexts. H.R. 1714 is consistent with
this principle in that its definition of electronic signature is broad
enough to encompass electronic signatures used in closed systems or
accompanied by limited-use certificates.
(5) Federal Preemption. Federal electronic signature legislation
should include a preemption provision that reasonably balances the
interest of the states with the need to develop in a timely fashion, a
coherent, harmonious set of rules to govern the use of electronic
signatures and electronic records throughout the United States. Thus,
in those instances where states have enacted rules that are not
consistent with the basic principles established in federal legislation
or where states simply have not acted to provide the necessary legal
rules for the use of electronics signatures, uniform federally
established rules would govern and facilitate the use of electronic
signatures. H.R. 1714 is consistent with this principle in that it
provides a set of federal rules regarding the non-discriminatory
recognition of electronic signatures, but allows the states a
reasonable opportunity to legislate their own rules governing the use
of electronic signatures so long as such rules are consistent with the
basic principles reflected in the bill.
(6) International Harmonization. Federal electronic signature
legislation should be carefully crafted so as not to impose any legal
rules that discriminate against, or preclude the use of, electronic
signatures from other countries. Electronic commerce is truly
borderless. Accordingly, federal legislation should provide equivalent
treatment for all electronic signatures, whether generated within the
United States or abroad. This is important not only to facilitate the
use of electronic signatures within our borders, but also to encourage
other nations to afford comparable treatment to electronic signatures
generated in the United States. H.R. 1714 is consistent with the
principle in that it does not establish any federal rules that
discriminate against electronic signatures generated outside the United
States.
(7) Party Autonomy. Federal electronic signatures legislation
should expressly incorporate and support the principle of freedom of
contract among private parties with respect to the terms and conditions
on which they will accept and use electronic signatures and electronic
records. Parties should be free, on an informed basis, to establish by
agreement the terms and conditions (including choice of law rules and
rules of liability) on which they will use and accept electronic
signatures for purposes of contracting and otherwise. The ability to
vary electronic signature rules by agreement will enable parties to be
responsive to the needs and demands of the marketplace, and will
thereby facilitate the growth of electronic commerce. H.R. 1714
generally is consistent with this principle, although the language of
the bill's party autonomy provision (Sec. 101(b)) warrants limited
revision to clarify its applicability to all terms and conditions on
which parties will use and accept electronic signatures. BSA has
attached suggested language to clarify this provision.
(8) Electonic Agents. Federal legislation governing electronic
signatures should encompass signatures; generated by so-called
electronic agents--that is, by computer programs that initiate or
respond to messages without human intervention--in business-to-business
transactions. Electronic agents already are in widespread use in
systems where they effect transactions on behalf of principals, who
have created such agents and authorized them to act on their behalf
(e.g., in online supplier and data exchange systems). As electronic
commerce grows, the use of electronic agents is expected to become even
more prevalent, for electronic agents facilitate more efficient conduct
of online commerce. Within this context, if electronic commerce is to
reach its full potential, electronic signatures generated by electronic
agents must be given the same legal effect as electronic signatures
generated by principals themselves. It is unclear whether H.R. 1714 in
its current form encompasses electronic signatures generated by
electronic agents. BSA has attached suggested language to make clear
that electronic agent-generated signatures are covered by the bill's
provisions.
conclusion
H.R. 1711 appropriately recognizes that, for electronic commerce to
achieve its potential, transparent and predictable legal structures
must be established that support global business and commerce. BSA
supports H.R. 1714, and appreciates the opportunity to provide its
comments on this important piece of legislation. BSA's member companies
and its staff stand ready to serve as a resource for the Subcommittee
and its staff with regard to BSA's suggested revisions and any other
issues relating to this critically important topic.
�