STATEMENT OF ANDREW J. PINCUS
GENERAL COUNSEL
U.S. DEPARTMENT OF COMMERCE
TELECOMMUNICATIONS, TRADE AND CONSUMER PROTECTION SUBCOMMITTEE
HOUSE COMMITTEE ON COMMERCE
H.R. 1714,
the "ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT"
Mr. Chairman, members of the Subcommittee, thank you for inviting me to testify today about H.R. 1714, the "Electronic Signatures in Global and National Commerce Act." As suggested in your letter inviting me to testify at this hearing, Mr. Chairman, my statement addresses the Administration's views concerning only titles I and II of the bill. Also, other agencies, including the Department of Justice, are reviewing this legislation and may have additional comments or concerns.
It is now an undeniable fact that the Internet is revolutionizing every aspect of business, not just in our country, but throughout the entire world. Although the amount of commerce conducted over the Internet is small as a percentage of our total economy, it is growing at a very rapid rate. In early 1998, experts estimated that Internet retailing might reach $7 billion by the year 2000. In all likelihood, this level was exceeded last year, and forecasters now project on-line retail sales greater than $40 billion by 2002. Similarly, in last year's Emerging Digital Economy Report, we noted that forecasters were suggesting that electronic commerce might rise to $300 billion by 2002. More forecasters now consider the estimate to be low, with Forrester Research estimating that all electronic commerce (including business-to-business activity) will rise to $1.3 trillion by 2003.
The Framework for Global Electronic Commerce issued by President Clinton and Vice President Gore in July 1997 pointed out that "[m]any businesses and consumers are still wary of conducting extensive business over the Internet because of the lack of a predictable legal environment governing transactions." President Clinton directed Secretary Daley to "work with the private sector, State and local governments, and foreign governments to support the development, both domestically and internationally, of a uniform commercial legal framework that recognizes, facilitates, and enforces electronic transactions worldwide." The Framework identified several key principles to guide the drafting of these legal rules:
The basic legal framework needed to enable electronic transactions in a commercial context consists of two essential elements. First is the elimination of statutory rules requiring paper contracts. There is a broad consensus that -- with the exception of a few specialized agreements (wills and property deeds, for example) -- parties' electronic agreements should have the same legal status as paper agreements.
The second element involves when and how an electronic commercial contract becomes legally binding on, and therefore enforceable in court against, a person or entity that is a party to the contract. In the off-line world, the key question is whether a party has manifested its intent to be bound by the contract, which generally occurs through a written record, and often, affixing a written signature to that written record. A signature, however, often is not a legal requirement (for example, a binding contract may be formed through an exchange of telegrams). The issue is, how can we apply and use long-standing commercial principles in connection with transactions in cyberspace?
As in the off-line world, there are a large variety of means by which a party may electronically evidence his agreement to the terms of a contract -- what has come to be termed "electronic authentication." He could type his name at the end of an e-mail message containing the terms of the agreement. He could end the message with a previously agreed-upon code-word. He could end the message with an electronic facsimile of his written signature created by using an electronic stylus. He could "sign" the message using some form of digital signature technology. He could also "sign" the message using some form of biometric technology. Moreover, the technology models are evolving rapidly, and we will see further new technologies in the future. The private sector today is using a variety of forms of electronic authentication.
One other variable is important in understanding the legal standards governing electronic authentication. When electronic commerce was first beginning, some observers imagined a world in which everyone would have a single, universal digital identifier that would be used to authenticate each individual's electronic transactions. That would enable each individual to surf the Internet and enter into transactions with anyone he encountered, confident that the other party's digital identifier provided a legally valid means of identifying that party in the event the transaction ended up in court.
Although the future may see creation of both a market and the infrastructure needed for such as system to authenticate transactions, it does not exist now and is not likely to exist in the near term (and probably not even in the medium term). Most of today's electronic transactions occur in what are termed "closed systems" -- systems in which parties that already are related in some manner conduct electronic transactions with each other pursuant to a system that the parties have agreed by contract or practice to utilize for that purpose. This model is reflected in sectors as diverse as manufacturing and banking and financial services where commercial parties establish the technological approach they will rely on, as well as the rules by which they will operate, assign risk and settle disputes. One example is the effort by the three major U.S. auto makers to develop on a unified basis a global system to tie product development together with more than 15,000 suppliers operating around the world. This Automotive Exchange Network will begin operating this fall. In a more traditional vein, the international network by which credit transactions are managed is predicated in large part on a series of agreements between banks and retailers, and by users. And, as a further example, the consortia of financial institutions that established Identrus enabled companies to conduct worldwide trusted business-to-business electronic commerce with any member of their network.
With this background, I would like to describe briefly what we in the Commerce Department have been doing over the last two years to carry out the President's directive to support creation of an appropriate legal framework for electronic commerce.
State law has long supplied the basic standards governing private commercial transactions within the United States. The National Conference of Commissioners of Uniform State Law (NCCUSL) has been working since early 1997 to adapt these legal standards to cyberspace by drafting a new model "Uniform Electronic Transactions Act" (UETA) to establish a predictable, minimalist framework to provide legal recognition to both electronic records and electronic signatures. The NCCUSL process involves broad consultation with legal experts and other interested parties, and permits observers to attend and participate in meetings of the drafting committees. As this Committee knows, NCCUSL's primary task is to determine which areas of the law would benefit from uniformity, and to write and recommend uniform laws to State legislatures for enactment. NCCUSL has written more than 200 uniform laws, including the Uniform Partnership Act, the Uniform Trade Secrets Act, the Uniform Probate Code, the Uniform Limited Partnership Act, and the well-known Uniform Commercial Code, a joint project with the American Law Institute. I understand that the UETA will receive final consideration at the NCCUSL Annual Meeting to be held at the end of July. If, as expected, the UETA is finally approved, it will be submitted to the States for adoption.
In our view, taking into account the principles that guide the Administration's policy in this area, the current UETA draft will provide an excellent domestic legal framework for electronic transactions, as well as a strong model for the rest of the world. It is enabling, not prescriptive, and also technologically neutral. We hope that this measure will be adopted quickly by the States.
The Government Paperwork Elimination Act passed by Congress last year addresses the appropriate balance to be struck by the Federal Government in selecting technologies for use in its communications with non-government entities and persons.
Let me turn to the international arena, where the situation is more complicated, and where our efforts focus on ensuring that our principles form the basis for enabling electronic commerce worldwide.
On the one hand, there is a broad consensus, reflected in the UNCITRAL Model Law on Electronic Commerce adopted in 1996, that communication of legally significant information in electronic form may be hindered by legal obstacles to the use of such data, or by uncertainty as to their legal effect or validity. The Model Law offers a set of internationally acceptable rules as to how such legal obstacles may be removed and a more secure legal environment may be created to facilitate electronic commerce across national borders. We are pleased that the U.S. efforts in the UETA are built on this international consensus.
On the other hand, with respect to electronic authentication, at least two different legal models are developing internationally. The first is the model represented by the UETA and the UNCITRAL Model Law, which eliminates barriers to electronic agreements and electronic signatures but does not grant special legal status to any particular type of authentication.
The second model provides for a greater degree of government regulation of authentication services. It allows a government to create a preference for one or more forms of electronic authentication by establishing specific technical requirements for electronic signatures and often providing a presumption that electronic contracts signed using that methodology are
legally binding. The European Union's Electronic Signatures Directive, scheduled to be considered by the Parliament this fall, follows this approach.
Since July 1997, we have been consulting with countries to encourage their adoption of an approach to electronic authentication that will assure parties that their transactions will be recognized and enforced worldwide. Under this approach, countries would: (1) eliminate paper-based legal barriers to electronic transactions by implementing the relevant provisions of the 1996 UNCITRAL Model Law on Electronic Commerce; (2) reaffirm the rights of parties to determine for themselves the appropriate technological means of authenticating their transactions; (3) ensure any party the opportunity to prove in court that a particular authentication technique is sufficient to create a legally binding agreement; and (4) state that governments should treat technologies and providers of authentication services from other countries in a non-discriminatory manner.
We have been successful in encouraging the adoption of this approach in a variety of multilateral and bilateral contexts. In October 1998, the OECD Ministers approved a Declaration on Authentication for Electronic Commerce affirming these principles. In addition, we negotiated joint statements affirming these principles with several important trading partners, including France, Japan, Korea, Ireland, Australia and the United Kingdom. Further, we have asked UNCITRAL to consider a binding international convention on electronic transactions that would embody these principles. (A copy of this proposal is attached.)
Let me now turn to the provisions of H.R. 1714. Subsection (a) of Title II requires the Secretary of Commerce, acting through the Assistant Secretary for Communications and Information, within 90 days of enactment, to complete a comprehensive inquiry to identify, among other things, any domestic or foreign impediments to commerce in electronic signature products and sources. This study would be updated annually. Although such a study would provide useful information, we of course do not have sufficient resources to examine for ourselves the legal rules of every State and every country. If a study were authorized, therefore, we would base our report upon information obtained as a result of outreach to the private sector.
Title II also requires the Secretary of Commerce to promote internationally the acceptance and use of electronic signatures in accordance with principles spelled out in section 201(b)(2). As I have discussed, we believe that the global nature of electronic commerce mandates close consultation with other countries to ensure that the legal standards for the formation of electronic contracts foster, rather than obstruct, cross-border electronic transactions. We plan to continue those efforts.
In general, the principles set forth in section 201(b)(2) are consistent with those that we have espoused with respect to these issues. We do have a few suggestions regarding the particular language of this section.
First, we are concerned that section 201(b)(2)(C), dealing with the autonomy of parties to electronic transactions, might be read to allow government regulation of such transactions, because the modifier "reasonable" could be read to permit government second-guessing of the parties' choice of authentication method. In addition, the paragraph does not clearly state that agreed-upon authentication measures must be given legal effect.
Second, because the fourth principle (section 201(b)(2)(D)) applies only where there is an agreement among the parties, it does not encompass the general principle that, even in the absence of an agreement, electronic records and electronic signatures should as a general matter have the same legal status as their paper equivalents.
Third, these principles apply with respect to the legal framework established by governments for private commercial transactions. But governments will also be making decisions concerning authentication technology as market participants -- for example in selecting the particular technology to use in entering into government contracts electronically or in providing various types of government benefits to citizens. In that situation, governments will not be able to observe the neutrality principle set forth in section 201(b)(2)(B), because they will have to choose among competing authentication providers.
We would be happy to work with the Subcommittee on these and other drafting issues. Also, because the Commerce Department's current efforts with respect to these issues are led by the General Counsel's office, with support from several bureaus within the Department in addition to the National Telecommunications and Information Administration (NTIA), we request that any responsibilities conferred by the bill upon this agency be vested in the Secretary alone so that he may organize the Department's implementation of the law in the most effective and efficient manner possible.
Title I of the bill focuses on the domestic legal standards governing electronic contracts. It appears to extend to both government transactions (both Federal and State) and agreements between private entities. For such agreements, section 101 requires that agreements and signatures in electronic form be given the same legal effect as written agreements and written signatures. It would also enable the parties to establish "reasonable requirements" regarding the types of electronic records and electronic signatures acceptable to them.
With respect to private commercial agreements, as I have discussed, State law has long supplied the governing legal standards. Through the NCCUSL process, our commercial law has been made consistent nationwide and is the envy of the world. We believe that strong evidence of a problem should be required before casting aside this tried and true method for establishing the legal standards for commercial transactions.
We do not believe that the case has been made for overriding this State law process. Some have expressed concern about the current lack of uniformity among the States on these issues, but they have not been able to point to any real-world problems in this specific area that are currently obstructing the development of electronic commerce. Rather, the concern appears to be that at some point in the future, the absence of uniform legal standards for electronic authentication will create a problem.
The issuance of the UETA at the end of July responds directly to this concern. The States will then have the basis to adopt uniform rules. It is true that the State adoption process has in the past taken a number of years, but there is considerable eagerness among the States to foster the development of electronic commerce. Accordingly, there is reason to believe that adoption of this measure may proceed at a quicker-than-usual pace.
Of course, if the States do not act in a timely manner, problems could well develop and then it would become necessary to use Federal law to fill the gap created by less than unanimous enactment of the UETA. But I believe it is appropriate to work with the NCCUSL process to urge the States to act promptly and responsibly in this area, and to give the States time to act -- before creating a new regime of Federal law.
Caution is also appropriate because enacting specific Federal rules may be a cure that is worse than the disease. As the UETA is adopted by the States, there may be disputes about the extent to which it satisfies the Federal standard and the extent to which State law rules left undisturbed by the UETA are nonetheless invalid under section 101 or saved by section 102(a). Although H.R. 1714 does not create a private right of action, it presumably would permit any party in an action to enforce (or invalidate) an electronic contract to argue that section 101 overrides (or saves) the State law rules invoked by the other party. Rather than creating uniformity and certainty, therefore, Federal standards might compound the uncertainty over the governing legal rules.
We also have concerns about section 102(c), which would empower and require the Secretary of Commerce to bring actions to enjoin the enforcement of State statutes, regulations or rules prohibited by this Act. As a practical matter, the simple availability of this injunctive authority could undermine confidence in the validity of States' laws and regulations affecting electronic commerce, and significant use of this authority would cause additional uncertainty and delay in clarifying both State and federal laws in this area.
Let me also mention some specific concerns about the language of Title I.
First, section 101(b), which is designed to enable contractual systems, is limited to "reasonable" requirements established by the parties and therefore could lead to judicial second-guessing of the validity of an authentication method chosen by the parties. The provision also does not make clear that the type of electronic signature chosen by the parties should be accorded legal effect (as evidencing the intent of the parties to bind themselves to the terms of the contract).
Second, although section 102(a) allows the States to supersede the Federal rules, paragraph (a)(3) places a two-year time limit on their authority to do so. Given the rapidly
evolving nature of the Internet, and of technology in general, we do not believe it would be appropriate to limit the States' power in this manner.
Third, section 102(b)(4) bars the States from superseding section 101 in a manner that "is otherwise inconsistent with the provisions of section 101." Because any State measure that is preempted by section 101 would be inconsistent with that provision, this paragraph of section 102(b) could be read to eliminate all State authority to supersede section 101.
Fourth, H.R. 1714's definition of "electronic signature" (section 104(2)) combines two separate concepts - the identity of a party to the transaction and that party's intention to be bound to the agreement, on one hand, and the integrity of the document on the other hand. The UETA separates these concepts (see the separate definitions of "electronic signature" and "security procedure"). This separation is important because, for example, some methods of "signing" do not, by themselves, ensure the integrity of the document (but may rely on other approaches for this function), and those technological methods would appear not to receive protection under the bill's definition, regardless of the intent of the parties.
Fifth, we are concerned about the effect of Title I on the ability of the Federal Government, and of State governments, to choose particular authentication methods for use in government contracting or in distributing government benefits. In making those decisions, there obviously will be rules, and perhaps statutes as well, that require the use of certain types of electronic authentication in order for the agreement to be binding. This problem could be solved by focusing Title I on government steps to enable private transactions and excluding government transactions from its scope.
Thank you Mr. Chairman. I would now be happy to answer any questions you may have.
DRAFT INTERNATIONAL CONVENTION
ON ELECTRONIC TRANSACTIONS
CHAPTER I:
Proposed Goal of Chapter I: To set forth any necessary definitions. To be developed after Chapter II and III.
CHAPTER II:
Proposed Goal of Chapter II: In order to implement the legal rules articulated in the second section, as set forth below, it may be necessary for states to review their existing and proposed legislation to assure that it is appropriately tailored to electronic transactions. In order to facilitate such review and adoption on a harmonized basis, the following general obligations are proposed as the framework states should use to support electronic transactions on a global basis.
POSSIBLE LANGUAGE:
II. General Obligations
To encourage the free flow of electronic transactions and to avoid the creation of barriers to these transactions, subject to overriding public policy, the Contracting States hereby agree as follows:
Contracting States recognize that parties to a transaction may determine the method of authentication for that transaction. Recognizing that parties may make this determination and recognizing that this determination should have the legal effect intended by the parties, the Contracting States agree as follows:
Further, Contracting States recognize that cryptography is not the sole means of proving the source or existence of a message. Recognizing that parties may establish the source or existence of a message in different ways, Contracting States agree as follows:
Electronic Authentication methods should not be "locked in" through legislative fiat but rather should allow for changing applications for existing and future technologies. Therefore, the Contracting States agree that:
Authentication technologies may be implemented and used by businesses in ways that were not originally envisaged when legislation was passed. Recognizing that technology may be used for purposes such as establishing age or authority, which may go beyond verifying identity and achieving non-repudiation, and recognizing that business models for authentication may not use third parties, the Contracting States agree that:
To remove barriers to the free flow of electronic transactions and to avoid the creation of new barriers, subject to overriding public policy, the Contracting States agree that:
CHAPTER III:
Proposed Goal of Chapter III: To recognize the acceptability of electronic signatures for legal and commercial purposes, define the characteristics of a valid electronic writing and an original document, support the admission of electronic evidence and the electronic retention of records. These provisions would be drawn from the enabling provisions of the UNCITRAL Model Law on Electronic Commerce.
POSSIBLE LANGUAGE:
III. Specific Obligations
Contracting States recognize the work of the United Nations Commission on International Trade Law and the importance of establishing its governing provisions on a uniform, international basis. Contracting States also recognize information is increasingly generated, stored, sent, received or otherwise processed electronically, rather than in a paper based form. Recognizing these important business practices, the Contracting States hereby agree on the following:
Information shall not be denied legal effect, validity or enforceability solely on the grounds that it is in the form of a data message. [Source Model Law on Electronic Commerce Article 5]
(1) In the context of contract formation, unless otherwise agreed by the parties, an offer and the acceptance of an offer may be expressed by means of data messages. Where a data message is used in the formation of a contract, that contract shall not be denied validity or enforceability on the sole ground that a data message was used for that purpose.
Contracting States recognize that the formal requirements that currently exist under many legal regimes may constitute insurmountable barriers to the conduct of electronic transactions on an international basis. As a result, there is a paramount need for assuring that electronically transmitted messages are allowed to satisfy these formal requirements subject to overriding public policy. Therefore, the Contracting States agree as follows:
(1) Where the law requires information to be in writing, that requirement is met by a data message if the information contained therein is accessible so as to be usable for subsequent reference.
(1) Where the law requires a signature of a person, that requirement is met in relation to a data message if:
(a) a method is used to identify that person and to indicate that person's approval of the information contained in the data message; and
(b) that method is as reliable as was appropriate for the purpose for which the data message was generated or communicated, in the light of all the circumstances, including any relevant agreement.
(2) Paragraph (1) applies whether the requirement therein is in the form of an obligation or whether the law simply provides consequences for the absence of a signature.
(1) Where the law requires information to be presented or retained in its original form, that requirement is met by a data message if:
(a) there exists a reliable assurance as to the integrity of the information from the time when it was first generated in its final form, as a data message or otherwise; and
(b) where it is required that information be presented, that information is capable of being displayed to the person to whom it is to be presented.
(2) Paragraph (1) applies whether the requirement therein is in the form of an obligation or whether the law simply provides consequences for the information not being in writing.
(3) For the purposes of subparagraph (a) of paragraph (1):
(a) the criteria for assessing integrity shall be whether the information has remained complete and unaltered, apart from the addition of any endorsement and any change which arises in the normal course of communication, storage and display; and
(b) the standard of reliability required shall be assessed in the light of the purpose for which the information was generated and in the light of all the relevant circumstances.
(4) The provisions of this article do not apply to the following . . . [limited exception]. [Source: Model Law on Electronic Commerce Article 8]
The Contracting States recognize that the inability of parties to prove the existence of electronic transactions in the event of dispute and formal judicial proceedings may itself be an inhibition to the conduct of electronic transactions. To assure the legal equivalence of electronic documents with paper based ones, the Contracting States agree that:
(1) In any legal proceedings, nothing in the application of the rules of evidence shall apply so as to deny the admissibility of a data message in evidence:
(a) on the sole ground that it is a data message; or,
(b) if it is the best evidence that the person adducing it could reasonably be expected to obtain, on the grounds that it is not in its original form.
(2) Information in the form of a data message shall be given due evidential weight. In assessing the evidential weight of a data message, regard shall be had to the reliability of the manner in which the data message was generated, stored or communicated, to the reliability of the manner in which the integrity of the information was maintained, to the manner in which its originator was identified, and to any other relevant factor. [Source: Model Law on Electronic Commerce Article 9]
Contracting States further recognize that requirements for record retention, which exist both as a matter of law and business practice, may prove to be obstacles for electronic transactions. The Contracting States agree, therefore, that:
(1) Where the law requires that certain documents, records or information be retained, that requirement is met by retaining data messages, provided that the following conditions are satisfied:
(a) the information contained therein is accessible so as to be usable for subsequent reference; and
(b) the data message is retained in the format in which it was generated, sent or received, or in a format which can be demonstrated to represent accurately the information generated, sent or received; and
(c) such information, if any, is retained as enables the identification of the origin and destination of a data message and the date and time when it was sent or received.
(2) An obligation to retain documents, records or information in accordance with paragraph (1) does not extend to any information the sole purpose of which is to enable the message to be sent or received.
(3) A person may satisfy these requirement referred to in paragraph (1) by using the services of any other person, provided that the conditions in subparagraphs (a), (b) and (c) of paragraph 1 are met. [Source: Model Law on Electronic Commerce Article 10]