ESIGN PUBLIC WORKSHOP Tuesday, April 3, 2001 FEDERAL TRADE COMMISSION P R O C E E D I N G S MS. HARRINGTON: It's time to begin. Thank you, and I am going to turn this over to Jodie Bernstein for a few welcoming and opening remarks. MS. BERNSTEIN: Good morning, everybody. We are delighted to see all of you here this morning. And we want to start on time because, as always, we have a full agenda which I know will be a very productive session. So, thank you all for coming on behalf of the Bureau of Consumer Protection, and the U.S. Commerce Department, as well. Actually, the NTIA is really represented here this morning down at the end of the table and we're delighted to be able to do this together with them, because if, for no other reason, that Congress directed us to do this together, but we would have done it anyway. We would have done it anyway. And as you know, it is a fairly discrete specific kind of requirement that the Congress inserted into the statute directing us to assess burdens and benefits involved in meeting the, quote, "reasonable demonstration" requirement that is in the statute, and asked us to report back to the Congress by June 30th. Your comments that some of you have already submitted and your participation today will obviously be of great assistance to us. We've used these workshop formats on a number of subjects, and on occasion with the Commerce Department with NTIA, it's worked very effectively. And we look forward to that as we prepare the report, but today's discussion will be critical in informing ourselves. So, again, thank you for participating. We know it will be a full day. And again, welcome, and we need to make a thank you to VeriSign for the coffee and goodies out in the hall. So, thank you all very much, and it will sweeten our morning. MS. HARRINGTON: Thank you, Jodie, and as always, you're setting the standard, you finished your remarks two and a half minutes ahead of schedule and that's how we intend to conduct the whole day, that is right on schedule or maybe even just slightly ahead of. Let me go over a few of the housekeeping and procedural matters that you need to know about. First of all, many of you received from Eric -- Eric, raise your hand -- public comment cards, and we have more of those. There is at the end of the day, a portion of the day set aside for participation from the public for those of you who are here, but not sitting at the table, to engage in the discussion. And if you wish to participate during that portion of the day, we need you to fill out a card telling us who you are and if you have some representational status, tell us about that, too, so that we can gauge the number of people who want to participate during that portion of the program, and allocate the time correctly and make sure that we get to each one of you. Second, we have overflow space in Room 332. As you see, this is being telecast on closed circuit within the building, and so if you don't want to be in this room, either because you can't find a chair or whatever, feel free to go to Room 332. Beginning at noon, and continuing until the end of the day, we have in the overflow room some demonstrations by vendors and technologists of procedures that might be used or are being used to comply with various aspects of the consumer consent provisions in ESIGN. We think that's pretty interesting stuff and we would urge you to go down there and take a look. During our roundtable discussions, which begin with the legal issues panel at 9:30, here is the process: For discussants who wish to participate, we ask you to just raise your name tag up, set it on end, and the moderators will recognize you in whatever order seems to make sense for the flow of the discussion. Now, an important point that we want to make is that today's goal is to really advance the discussion of these issues and not to rehash what people have already submitted in very fine and substantive comments. So, moderators will be assertive in making sure that what we're having here is a discussion and not a series of speeches. We want participants to talk to one another, to challenge each other. If we have participants with significantly opposing views, we hope that you will talk to each other, because we have asked you to participate, principally based on your expertise and knowledge, and we, the staff of the NTIA and the FTC, presume that the participants know a lot more about these specific areas of concern than we do. So, we need you to help us flush out the issues, challenge one another, refine thinking. Our experience is that as a result of these discussions, and we've had, as Jodie said, many, many workshops like this here at the FTC, some with our colleagues from the NTIA, and our experience is that by the end of the day, we find that there is often more agreement than disagreement and that people's thinking is often modified as a result of listening and talking with each other. So, that said, are there any other housekeeping details that we need to touch on? MS. MAJOR: Mike Pazyniak asked me -- Mike, stand up -- MS. HARRINGTON: Into the microphone, please. MS. MAJOR: If anybody regarding the tech demos has any questions, that you should see Michael and he will help you. MS. HARRINGTON: Okay, and one other very important point, any time someone speaks, you need to speak into the microphone so that the people downstairs in the overflow room can hear what you are saying, and we also have webcasting of this session today, so there may even be people out there who are listening to this program. And we also have email participation as an option for people in the public who are not here and want to email in their questions that we can get to either during the discussions or during the public participation session. We invite those of you tuning in on the Internet to send us your questions. And I believe that the instructions for doing that can be found on the FTC website, FTC.gov. That said, let's start. We are going to hear from three very thoughtful commenters. We're asking them to give us about five to six minutes of overview comments that set the stage for this discussion. We are interested in hearing them highlight issues of consensus, controversy, disagreement, and to help us set the stage for the discussion. So, we're going to begin by hearing from Margot Saunders who is with the National Consumer Law Center. Margot, do you want to grab a microphone there. And for all of our presenters who we're so grateful to, let me just warn you, I'll be watching the clock. MS. SAUNDERS: Thank you very much for inviting me here today. I have a lot to say, but apparently I have a lot of opportunity to say it, so I'll try to spread it out all over the day. Can you hear me all right? Let me first explain that the National Consumer Law Center is a public interest law firm that represents low income consumers, and we became involved in this issue at first very reluctantly, because we didn't believe that electronic commerce issues were very relevant to the very poorest of the poor who we represent. And then we read ESIGN, the electronic signature bill that we're talking about today, just as on the day that it was set to go through the Senate on unanimous consent in August 1999. And realized that it said, quite starkly, that a writing should -- a writing -- a legal requirement for a writing would be satisfied by an electronic record. Sitting by itself as it did in that law, and as it does -- as that language does in the Uniform Electronic Transactions Act, created quite a bit of stir among the legal services advocates, because we realized that the first thing that would happen to many low income people is they would be faced with dealing with -- with receiving electronic records in place of paper writings, whether or not they had a computer. So, it was from that perspective, the interrelationship between electronic commerce and the real world commerce that we address this whole issue. And that's, I think, an important perspective to keep in mind. If we were only dealing in ESIGN, with the commerce between people or participants who were both online, we would be devising different types of consumer protection. But it's the interrelationship between the physical world and e-commerce that creates somewhat of the controversy and a lot of the difficulty in trying to design appropriate consumer protections. We initially sought, obviously, quite a few more consumer protections than we actually got. The consumer consent provision is a real product of the legislative process, rather than a necessarily well thought out and conceived negotiation. It's, I think unfortunately, probably a -- more like a sausage than a clean resolution -- than a clean legal resolution of a bill, of a problem. I think that what would be best for me to do in my remaining two minutes would be to explain exactly what we're most afraid of. We see consumers in the real world who are taken advantage of all the time. We see, especially in low income and minority communities, consumers who are -- who are not sophisticated, who do not have sufficient choice in the marketplace, or even when they have it, they do not feel or do not know how to exercise it. We see, unfortunately, in the low income marketplace, many, many instances of some businesses skirting the edges of legality, taking advantage of the lack of clarity in the law, often quite brazenly pushing the envelope of the law in trying to see how much they can get away with. I think predatory lending, which is a new issue for many people, is an evident problem which is an indication of how there are certainly some people in industry, in commerce in this country, who will push the envelope and do whatever is legal, whether or not it is right. We know that if e-commerce in the name of facilitating e-commerce, a law allows the delivery of an electronic notice or disclosure to someone, whether or not they can actually receive it, but some members of business will take advantage of that. So, for example, we're concerned about the little old lady sitting at home who is visited by the home repair siding salesman. Right now, that siding salesman has to, and while he's going to rip her off in many instances, he has to at least give her paper writings evidencing the full details in which he's going to rip her off so that if she goes to an attorney later, she has the information, and the attorney can try to help her. She also has a very important notice of the right to cancel the transaction, and she has it as a piece of paper in her hand. After he leaves, and she has three days to think about that, that's an FTC required notice. If ESIGN did not have the consumer electronic consent provision, then she could be asked to sign, among all the pieces of paper that she signs that day, an agreement that would allow the -- all of these disclosures and notices in the contract itself to be sent to her at an email address established by the salesman. We know that that will happen if it's legal, and if that happens, that little old lady will be even worse off than she is now. At least with electronic consent, she has to be able to -- the electronic consent process has to indicate that she has the ability to access electronic records, and that is not likely to be able to happen -- to occur in this instance. MS. HARRINGTON: Thank you, Margot. Now we will turn to Jerry Buckley, who is counsel for the Electronic Financial Services Council, and one helpful thing that Margot did for us, I think, was to tell us what her organization is most concerned about in all of this, and if both you and Ben could be thinking about that, to tell us your thought on that as you present that would be useful. So, thanks, Jerry. MR. BUCKLEY: Thank you, Eileen. I represent -- I'm a partner in Goodwin & Proctor, and I represent the Electronic Financial Services Council, which I believe is the only trade association which is focused entirely on trying to promote changes in the law and regulations which will facilitate the electronic delivery of financial services. Last year's passage of the landmark ESIGN legislation has cleared the way for businesses and consumers to access the benefits of conducting all sorts of transactions online. The act amends thousands of state and federal laws in a very simple way, as we know, it simply provides that a signature, a contract or a related record in any transaction in interstate or foreign commerce may not be denied legal effect, validity or enforceability solely because it is in electronic form. The long-range effects of this sample change in the law in our view will make this one of the most important statutes to be passed by the 106th Congress. We expect that not only will consumers be able to access products and services 24 hours a day, seven days a week, but and not only will literally billions of dollars be saved in records management, but it will also bring a wider array of products and services to inner-city residents and to rural consumers. It will allow consumers to shop in the privacy of their homes, without pressure. It will allow consumers to ask questions about products, without embarrassment. It will empower more effective, timely and understandable consumer disclosures, and it is this feature of being able to have explained financial products in simpler and more understandable terms that we believe will some day empower consumers to take the features of various financial products to mix and match them and to create new financial instruments tailored to their individual needs. Combinations of lending, insurance and securities features, engineered mutually by a financial institution, and financial services providers and consumers online, we believe can allow the creation of products which meet consumers' unique needs, and we believe that this process, which is going to take some time, will justify the claim that this, indeed, is landmark legislation for the financial services industry. While these changes in business processes will be substantial, the business community, to its credit, we believe, is approaching the use of these powers in a thoughtful and methodical way. That the ESIGN Act has not spawned the rapid deployment of new products in our view is healthy. Rather, businesses, in our experience, are steadily developing the infrastructure to offer financial products which will gain wide market acceptance. I shall speak later about the efforts of our organization to promote industry guidelines for the origination and sale of home mortgage loans in the secondary market. As you all know, with the passage of this legislation, you and I, Eileen and I could enter into a contract to do business online, and I could give her a lease or arrange for a mortgage, but whether that product would be accepted in the secondary market, whether the lease would be financed by a financial institution, will depend upon the ability of the various industries to develop the infrastructure that is necessary. It reminds me of when the secondary mortgage market was being created some 20 years ago, all of the reps and warranties, all of the procedures that were followed, were developed carefully back in the early 1980s, and we have had very little problem in that industry. I think we have to approach the creation of the infrastructure for electronic transactions in the same thoughtful way, and we're trying to do that. The act is self effectuating, that is it does not require the issuance of regulations to become effective, but does allow for regulatory guidance of the kind that the Federal Reserve issued last Friday. What is important, though, is that the provisions of the act not be superseded or changed by regulations, thus the act imposes a healthy set of requirements. First that regulation be consistent with section 101 of the act, secondly that it not add to the requirements of section 101, that there be substantial justification for the regulation, that the methods would be substantially equivalent to the requirements imposed on records that are not electronic records, and that the regulations not impose unreasonable costs on the acceptance or use of electronic records. We think these are very important provisions in the act, and we strongly support them. The consumer consent provisions of the act are important, and we very strongly supported those when legislation was being considered. We have noted in the paper that we submitted that we -- that the procedures to use the powers -- first of all, I'm sorry, that we are encountering some challenges with respect to the reasonable demonstration test as well as to the issue of when disclosures must be provided. I would emphasize that these are by no means barriers to the use of the act, but rather hurdles to the utility of which may be inappropriate, and may need examination in the future. These and other issues which we will cover in more detail in the legal issues discussion to come. We want to thank the FTC and the Commerce Department for organizing this workshop, and we would also like to point out that while we have responded to the request for suggestions of areas where the statute might be creating problems or need modification, we believe that at this stage, the appropriate course of action is to allow more time for businesses and consumers to gain experience working under the provisions of the act, as passed, before trying to fashion improvements. The need as we see it at this point is not for new legislation, but for patient efforts to develop business practices which will bring the benefits of this legislation to a wide number of users as reasonably as possibly. Thank you. MS. HARRINGTON: Thank you, Jerry. Ben? MR. DAYANIM: Thank you. I want to thank you very much for including me in today's proceedings. And I was listening to Margot and to Jerry and it brought back memories from several months ago. I have to say it's almost as if we planned the -- our remarks, although we didn't, because I think what we've heard from Margot and Jerry is really the two different perspectives on ESIGN, the fears and the promise associated with the act, and so that sets me up very nicely to kind of try, anyway, to draw them together, and I have the unique pleasure today of speaking on behalf of myself. I'm an attorney with Paul Hastings, I was involved with ESIGN on behalf of a client, but I'm here speaking my own mind today which gives me perhaps a little more flexibility than otherwise might be the case. I think in considering the issues that both Margot and Jerry raised, you first need to step back and ask yourself what is the objective that was attempted through the consent provisions. And I think that everyone, with perhaps the exception of Professor Winn, who submitted comments, very interesting comments to the proceeding here, would come at this from the perspective of saying we don't want to affect the substantive law that existed prior to ESIGN, except in the narrow aspect of allowing electronic media to substitute for paper. In other words, in this particular instance of consumer protections and consent, we simply want to replicate the substantive protections that exist in the offline world by translating them onto the online world. And we don't want to favor or disfavor the online world in doing that. And, you know, as I said, I think that was the near unanimous objective, and I think it's a very high-minded objective, and it sounds like a very appropriate objective, and I actually think it is the appropriate objective. The problem is, is that when you try to implement that objective, you run into the reality that there are inherent differences between electronic media and paper. And so then the question becomes how do you accommodate those differences without overly -- without strangling the very benefit that you're trying to achieve by enabling e-commerce to flower. And that is, you know, maybe not simply put, but somewhat simply put, that the nub of the issue with which we all struggled in trying to devise the consent provisions. And you will hear a lot more about them in the panels later today, so I'm not going to really address any of the details now. I will simply say that in my view, what ESIGN did, and Margot is quite right, I think it was like cutting sausages, it was not necessarily by design, although I think every individual had this goal in mind, was try to reach that balance. And I think it approximates that balance, although not very elegantly, and in ways that I personally would have preferred it not, nevertheless, I think at the end of the day it comes out roughly at that spot. And I do share with Jerry the view that the fact that you haven't seen necessarily, although I think it's all a matter of perspective, an explosion of financial services or other e-commerce that takes advantage of ESIGN is not reflective of the consent provisions themselves, perhaps in isolated instances it might be, but as a general rule it's not, it's simply that businesses are trying to figure out the best way they want to approach e-commerce generally, and I think some of that has been -- is part of a larger economic picture and some of it is part of just a re-assessment by businesses regarding how they want to approach the Internet and how they want to approach e-commerce. I don't think this is a situation where the statute has created any barriers. MS. HARRINGTON: Thank you. I would invite any of the folks who are at the table right now to ask any questions of these presenters that you might have, or make any observations that you might have. We have about four minutes left on this session. And I think that we can use it. And I actually have a question. And it comes out of Margot's concern, which is that, if I can summarize, that the most vulnerable of consumers may be victimized by the businesses that operate on the ethical margins. And is that a fair -- MS. SAUNDERS: That's our primary concern. MS. HARRINGTON: -- statement of your concern. MS. SAUNDERS: We have others, too, but that's the main one. MS. HARRINGTON: One question I have is whether the concern about both consumers and businesses that might be more at the margin, ought to drive policy, and if so, why? And I would invite any of you very quickly to answer that. MS. SAUNDERS: Well, I would hope that this society that we live in is one that -- one in which we care for everyone, including our less fortunate, and we have 200-plus years of laws that recognize that the less fortunate and the less sophisticated should be protected. Certainly our entire legal system is based on the whole analysis of ensuring a fair resolution of problems, our criminal justice system is based on the expectation that we should allow innocent -- excuse me, guilty men to go free rather than wrongly convict an innocent one. Since biblical times, laws have limited commerce based on the recognition that the difference in bargaining power between individuals, especially individuals in need of borrowing money, need to be protected from lenders. So, unless we're on a radically different course, I would hope that we not change that basic premise of our legal system. MS. HARRINGTON: Okay, thank you. Bob? MR. WITTE: Hi, I'm Bob Witte, I'm with Kirkpatrick & Lockhart, and I'm here on behalf of the Investment Company Institute. You know, I think that's a really key question, and I think Margot is fair and right in saying that we have to care as a society about the less fortunate and less able to protect themselves. The question, though, I guess is, is that what drives the policy. And I think it's got to be a consideration in the policy, but whatever the policy is, whatever the rule is, whatever the orders are, there will always be a margin. There will always be somebody, some group that's at the edge of it, and as you said, Margot, there will always be unfortunately some people who are taken advantage of. So, as I think was clear from both Jerry and Ben's remarks, the issue is a balancing, and the question is are we going to have a rule that -- I don't even think that's the question, I think the question is how do we avoid having a rule that so burdens or adversely affects the business and the commerce that is important to everybody, at whatever end of the spectrum, by overconcern, we want to avoid overconcern without lack of concern for those who are less able to care for themselves. And notwithstanding biblical times, there is a certain ethic in this country, too, about people having responsibility for their own actions, and while we need to take into account those who are less able to take responsibility, or respond to fraud, which is really what you were talking about, we need to recognize that there is some element of responsibility inherent in our social structure, and I think in our own government. MS. HARRINGTON: Elizabeth, very quickly. MS. YEN: Thank you, Eileen. I'm Elizabeth Yen, I'm a lawyer with the firm of Hudson Cook, and I'm in the Connecticut office of Hudson Cook. I just wanted to respond quickly that for the transactions that we already believe are very, very important and put consumers at high risk, we already have a lot of statutory protections built in in terms of, for example, Margot referred to the rights of cancellation, recision notices have to be delivered in duplicate, certain disclosures have to be in ten point, all cap, bold-faced type, and you've got a lot of sort of form and also substantive protections built into the system. In the fraud context, in the context of e-commerce fraud, I think it's going to be difficult for the merchant to actually prove that all of those disclosures were provided. And even without e-commerce, obviously you have some shady dealings where people do not observe those formalities. And at the end of the day, those contracts are void. I don't know that the result would be any different in the electronic world. MS. HARRINGTON: That's going to be the last word. We're up at about 65,000 feet looking down on our task here, which is to evaluate the cost and benefits of the reasonable demonstration portion of the consumer consent provisions, but that weighing of costs and benefits necessarily begins, I think, with the very broad look that we've just taken. And thank you very much to our three overview presenters, it was excellent. We're now going to move into the legal issues panel, which will be moderated by my colleague, April Major. Let me remind all of the participants, and we need some of you who are on this panel to move up to the table now, and they would be Margot, Jerry and Ben are already here, Elizabeth, Bob, Jane Stafford, Mark MacCarthy, and I see Jeff Wood is already here. So, if you would take your seat, let me remind you, panelists or discussants, if you want to speak, raise your tent, and please identify yourself, name and organization, so that our reporter can get that into the transcript. Thank you. MS. MAJOR: Thank you, Eileen. I want to thank all of you for your thoughtful comments and agreeing on being here today for today's discussion. I want to thank Margot and Ben and Jerry for setting the stage for the day's discussion and providing such an excellent framework for which we will work upon for the next hour when we discuss the legal issues associated with section 101(C)(1)(C)(ii). Now, if there's anything that we can agree upon today, I think, it's that ESIGN is not an easy statute. Section 101(C)(1)(C)(ii) has caused a good deal of controversy, to say the least, and that's what we're here to talk about right now. Particularly when we're studying what the statute requires, what the statute provides, and how to comply with the statute. So, I would like to start this panel off with the most basic question of what does section 101(C)(1)(C)(ii) provide, what does it require of sellers, and what does it require of consumers, and I think this discussion will necessarily lead into a discussion of the ambiguities which all of you have mentioned in your comments that are associated with this section. Ben, would you like to lead us off in what you think this provision requires? MR. DAYANIM: I will attempt to do so. Well, looking at it on its face, it really has two key components, and we all know what they are. The first is that the consent or the confirmation of that consent be electronic. And the second is that the consent or the confirmation of the consent be done in a manner that reasonably demonstrates that the consumer can access the information that is going to be provided to him or her. And it is there that all of the controversy lies. My view of what that means, I tend to think that it was intended as a common sense test. And I think that most folks are interpreting it that way. In other words, the electronic part is fairly self evident. The reasonable demonstration part is the part that creates the ambiguity, and I think there -- if it appears from the circumstances that the consumer was able to access the information, I mean that's reasonable demonstration. A good way to do that, although not necessarily required, although I would think that it would be a good practice, would be to provide the request for consent that the consumer is responding to in the same format in which the records will be provided, because then if the consumer is able to understand your request and respond to it, then presumably the consumer can -- that presumably the consumer will be able to access the records that will be provided subsequently as well because they will be in the same format. There are many ways to do it. In the comments that I submitted, I had two suggestions that are not original to me, they were two suggestions that were raised at the time of the statute, and although I recognize that there may be some concern with them, I think that they are nonetheless essentially appropriate. And the first is to provide the request for consent in the form of an attachment to an email, and therefore if the person is able to open the attachment and respond, in other words read the instructions and respond appropriately, then that person would be able to access the records. And the other manner is through a, for example, if it's website type function, to have it come up on the screen, again in the same format that that record will ultimately provided. I mean, that's a -- that may be considered to be a little -- what's the word -- some might consider that to be a little Pollyanna-ish, because the words themselves are ambiguous and there is room for mischief there. But so far we haven't seen it. MS. MAJOR: Well, I -- go ahead. MR. WITTE: If I could just expand a little bit, this is Bob Witte, expand a little bit on what Ben said. It seems to me that the mischief, in part, comes from, as it often does in legislation or rules of any kind, from the language. And those of us who were involved somewhat in the process of the legislation know, I was one who yelled and screamed a lot about the particulars of the language, because the language of the statute does tie the demonstration to the consent. It talks about consent in a manner that reasonably demonstrates as opposed to there being a reasonable demonstration. And so what that gives rise to is some uncertainty. And I say uncertainty because during the process, the legislative process, in discussing this issue on the Hill and elsewhere, people who advocated the language really said well, nobody is going to interpret it that way. And frankly I think that's Ben's position. And he's nodding, let the record show, but I think that's really the issue. You know, how tied, really, is the demonstration to the consent. And we have legislative history that helps. While it may -- as legislative history often does -- suggest various avenues, there's some consensus there, too. I think there are four paradigm kinds of ways that you can expect to have a reasonable demonstration. One is what I've called the self validating sort of consent, similar, really, to one of Ben's examples. An easy one is somebody's accessing information on the Internet, and the consent is there on the Internet, it's all in HTML, they are going to get all of the disclosures that are going to be covered by the consent in HTML, merely the process of accessing and consenting demonstrates an ability to deal with HTML, so that ought to be a reasonable demonstration. That one seems to me no controversy really available as to whether that would be adequate. Legislative history, I think pretty strongly suggests, if you look at the colloquies and elsewhere, that you could go even further than that, that it would be at least sufficient if you provide an opportunity to test a format, let's say a PDF format that you might push out to the consumer in the course of the consent, maybe you are going to correspond with them over the Internet or through email and say okay, attached here is a PDF document, give it a shot, see if you can open it, and then respond with an affirmation that says I could open it. And that then that would be a sufficient reasonable demonstration. That's the second paradigm. And as I said, I think there's a fair amount of support, in fact a lot of support, in the legislative history to suggest that that's enough. Even though you can't really say that that is quite the manner of the consent, it is the consent, per se, at least, that affirmed it. Another possibility, of course, is that you get an affirmation of the ability to deal with this particular format, irrespective of whether the particular provider at the particular time has provided an opportunity to test that format out. And if anybody, whether it's a sophisticated user or Aunt Sally, says yeah, I can use this, you know, why isn't that good enough. And then there's a fourth, which is frankly hardest to tie to the consent, but which logic suggests, at least to me, really ought to be sufficient. And that is if you could really demonstrate that the consumer could access or even did access the relevant information, irrespective of whether that's part of the consent process, and there are many circumstances in which this could occur, then why is that not enough to be a reasonable demonstration of the ability of the consumer to access? Now, those are different paradigms, I suppose there are others, but those are the ones that come to mind to me, and they're the ones that people in the investment company industry, and I think certainly in the financial services and probably more broadly, much more broadly than that, people are struggling with deciding well, what can we do, and what will work. The law is full of reasonableness tests, and those of us who are lawyers would have a lot less to do if there were none in the law, but the fact is they work pretty well by and large, but what we've had here is kind of an unhappy conjunction, I think, of first of all -- MS. MAJOR: Let me interrupt you because you've just brought up about six different issues that I think all need to be addressed. MR. WITTE: Well, give me one more minute and I promise to be quiet for a while. MS. MAJOR: Okay. MR. WITTE: Jerry says no. The conjunction is, first of all, as I mentioned, the problem with the statutory language, which gives you question as to whether you're limited more than you might otherwise be. The second is that there are substantial risks involved in not complying, and we'll talk about that, I'm sure, as time goes on, and the third is that at least so far, there has been kind of a remarkable dearth of regulatory interpretation. There are regulatory agencies, at least in our industry, in the financial services industry broadly, that have jurisdiction. Jerry mentioned the Federal Reserve came out, although I would say finally, although they were really among the first to come out with any regulations actually speaking to ESIGN, and on this subject they really didn't say much. They basically said well just do that, and whatever that is, do that. The IRS came out with rules that parallel ESIGN, and they also said well, do that, and in our sector, the SEC, for reasons that I really couldn't say, have not spoken to this. So, there are areas in which regulatory interpretation is very helpful, especially the kind which the SEC, at least, has been want to use, which is here's some examples of what will work, you know, you can maybe do other things, but these will work. And of course I would submit if you took my four examples and said these will work, things will be a lot better, because the down side, the risk factor would be very small. MS. MAJOR: Thank you. Margot? MS. SAUNDERS: In many ways, although most of us think it could be done better, there's an elegant beauty to this electronic consent provision, because it accomplishes some protection for three different problems. One, it presumably tests the consumer's capacity to access any electronic records. So, that's an important -- that's especially important to my clients. Two, it protects the consumer's capacity to access the type of records that will be provided by this business. In other words, the software capabilities. And three, it serves to emphasize to the consumer the significance of what the consumer is agreeing to in regards to receiving future electronic communications. So, with those few words, which I attribute to Andy Pincus, general counsel of the Department of Commerce, he tried to address those three distinct concerns that consumer advocates had. I believe that my example that I gave of the little old lady sitting at home would not -- there is no way under this language that a court could find that even if the salesman provided a laptop to her, and she then electronically consented through either the Internet or an email account that the salesman established for her, that using the laptop provided by the business seeking the consent, that that would not reasonably demonstrate that the consumer can access information. I also believe that the consumer sitting at the car dealership, who accesses information through the car dealership's Internet website or through an email account established by the car dealer, even if the consumer is on the premises of the car dealer, that that does not -- I don't think -- indicate that the consumer can reasonably access information. The consumer -- this requirement is that the consumer has to do something affirmative, take some steps. That does not mean that a consumer -- and I think this is unfortunate, but I don't believe that a consumer who then goes to the public library or goes to a public access computer or kiosk and consents through a website or through an email account that they already have, that that -- I don't think that that process would be illegal. In other words, I think that would be acceptable under this scenario -- under this language. MS. MAJOR: Mark, would you like to respond to that? MR. MacCARTHY: Not directly to what Margot was saying. MS. MAJOR: Okay. MR. MacCARTHY: I'm Mark MacCarthy with Visa. Just a couple of quick comments. One, I think it is important that our friends at the Federal Reserve have stepped up and, you know, made some attempt to interpret the ESIGN legislation in the context of administering their own organic statute, the Truth in Lending Act and the regulation Z. I think that does show that it is possible and indeed desirable for existing regulatory agencies to step up and to show how the requirements of ESIGN can be used in conjunction with the underlying regulatory requirements with respect to disclosure, but our sense is that it is desirable at this point to leave the kind of flexibility that was built into the Electronic Signatures Act in place, and that regulatory interpretations that narrow or confine the range of different ways in which people could comply with the consent provision would really cut short some of the experimentation and flexibility that the statute, I think, wisely left unconstrained. One thing that I think would be worth putting on the table is we're discussing the consent issue as if consent is universally required in the context of disclosures, but it's worth mentioning that the fed had indicated in at least a couple of areas, consent is not required. Now, perhaps it falls into the category that you're talking about, the sort of, you know, self-validating kind of situation, but for example, in the area where electronically a solicitation or an application form has to contain on it or with it any of the required disclosures under regulation Z. If that kind of application is being delivered electronically, then it doesn't make sense to prior to delivering that electronically to ask for consent to deliver the disclosures electronically. You're already in the situation where someone is reading the application form or reading the solicitation, and the required disclosures have to be done in conjunction with that. It doesn't create a loophole because, you know, it doesn't create the possibility that someone would, for example, in the paper world, withdraw the information from the paper and say I'll give it to you electronically. The information in the paper world still has to be provided in paper form rather than in electronic form, but recognizes realistically that to require consent before providing disclosures in that kind of context is a kind of catch 22. So, we're sort of acting as if it were universally assumed that you need consent, but in fact in some circumstances, disclosures, electronic disclosures, will take place even though for practical reasons there won't be a requirement for consent. MS. MAJOR: Well, I think you're bringing up the issue that a lot of you discussed in your comments. Some of you are asking for more guidance with respect to this language reasonably demonstrate. Some of you are asking for narrow interpretations of this, and some of you are discussing the need for broad and flexible interpretations of the statute. And I would like to you discuss this in the context of how does one reasonably demonstrate that they can access this information in the manner that it's being provided? Jeff, would you like to continue? MR. WOOD: Sure. Jeff Wood, I'm an attorney with Household Bank and I very much appreciate being invited today. I want to follow up on one issue that I think is very important. The Congress, you know, adopt one -- sort of a one-size-fits-all approach, and one thing that the Federal Reserve recognized which is mentioned is that, you know, not all disclosures are the same, not all contracts are the same, not all documents are the same, you know, we banks have a lot of information to provide to consumers and, you know, many times customers are frustrated because they're receiving so much information that they don't know what to do with. But what was recognized I think is a very important point, is that, you know, disclosure is provided at the application stage, which don't need to require consent under the proposal, or the interim final role, you know, are different from disclosures that are provided at the stage of contract. And, you know, I think that's a very important point. With respect to the reasonable demonstration test, I think that it is -- it is workable, if not totally unworkable, but I think that it does reflect a tension that is probably an appropriate tension between, you know, letting commerce do whatever commerce needs to do on the one hand, and on the other hand providing appropriate protections. So, I think that it's there, and I think that one thing that is difficult, and I think we'll get into this later in the day when we talk about practices, how do you actually -- how do the technological people, you know, actually ensure that there is, you know, that there has been that demonstration. And Bob went through some of the four paradigms, and I think that a conservative business is, you know, more likely to pick the one sure bet, you know, if the customer is using a website and receiving documents in HTML, then he's got it. You know, that's too bad in a way, because that's limiting, that's going to limit the nature of e-commerce. And so that's too bad, and I don't know exactly what the way is around that. There's just one more point, that not only are there different levels of disclosures, but there are also different types of disclosures. For example, under the Graham-Leach-Bliley Act, you provide a privacy statement along with the right to opt out. That's kind of an interesting one, because the customer doesn't have to respond to the privacy statement, he doesn't have to access -- he has to be able to access the documents, but he or she does not have to acknowledge receiving it under the law and the regulations, but there does need to be an opportunity to opt out if the company is sharing personal information with third parties. So, you know, does the opportunity to opt out if, you know, access to a particular matter, did that help to reasonably demonstrate that the customer got the document. You know, I mean there raises a lot of issues. MS. MAJOR: So, do you interpret ESIGN as requiring that the consumer -- they respond to the seller that they have actually received this information, is there this extra step required here? MR. WOOD: You know, that's an extremely important issue, and I think that yes and no is the answer. I think that depending on the nature in which the documents are received. If they're received in a certain way. MS. MAJOR: Give an example. MR. WOOD: The example of the HTML, the consumer clicked consent, you know, I apply, for example, or I agree, or submit. MS. MAJOR: So, you're saying that the consumer is already on the Internet, already sitting behind a computer. MR. WOOD: Right. MS. MAJOR: The information is being disclosed to the consumer via an HTML webpage, it's enough that the consumer clicks on I consent or I agree, that that you would interpret as complying with section 101(C)(1)(C)(ii)? MR. WOOD: I think that would have to be reasonable, reasonable demonstration, with respect to -- only with respect to what's being provided at that time. I don't think that it necessarily works for documents that are provided at a later time. MS. HARRINGTON: Follow-up question, Jeff. You said that following the more conservative paradigm, using HTML only, would limit e-commerce. Can you specifically tell me, give me an example of how that is limiting? MR. WOOD: Yeah, one of the commenters made a good point about, for example, monthly statements that are provided at a later time, obviously. And one thing we've found in e-commerce is that our customers are a little leery of e-commerce at the beginning stage of the relationship, but after they're already a customer, after, you know, they know who we are, we know who they are, they're much more comfortable with it. And so, you know, we have customers, millions of customers, who, you know, want to sign up for what we call customer care, what many companies call customer care, which is receiving statements, or being able to make bill payments online, or that kind of thing. And the technology is a little different at that stage, maybe, than it is at the beginning stage. So, you know, specifically, you know, we find it -- it's kind of a -- it goes both ways. We find it difficult to consummate a transaction, you know, by that I mean originating a transaction, you know, at the first step, you know, there's a lot of hurdles. You know, there's the privacy statement, there's all the disclosures, there's the contract, et cetera. That' a little more difficult. But it's in a way a lot easier to provide statements. Now, the question was, one of the comments raised a very good question, you know, do you provide the statement online, meaning the customer can simply log onto the website and look at his statement, and how do you know that that customer did that? And that's kind of a -- that's kind of a little thing that we're working on. I mean, I think a lot of companies are working on. MS. MAJOR: Jane and then Ben. MS. STAFFORD: Yeah, one of the things that Mark brought up about the federal regulators coming in and beginning to define within their own venues certain aspects, regulations, E, DED, the alphabet that's been just recently promulgated by the Fed, raises some concerns in a sense of saying now we're going to have to look from ESIGN down to another regulation to see where we begin to comply and where we don't begin to comply. And I think that's just something that we're going to have to deal with as we go forward. The example, for example, of equity line, original disclosures, which are required by the regulation Z to be in writing, apparently do not have to be delivered with an ESIGN consent. And perhaps you can understand that, because that is something of a preliminary, informational, promotional type thing, even though there are required regulatory disclosures in it. I think that's one issue. So, I think we have to be concerned. Our other concern in terms of writing is a concern, and everyone who's creating contracts needs to be concerned with what state laws you're using, because different state laws have different writing requirements. And while you could have a state law that says you must deliver consumer a modified UCC to provide that you must deliver checking statements in paper, therefore you are now under ESIGN in order to be able to deliver that checking statement. And so you have to know your state laws. And most of us are working nationally or internationally, which creates a very interesting situation. We certainly can determine venue in our contracts, and hope that that stands up, but I think that's an issue. I think the other issue that we've talked about in terms of the technological piece, and I'm sure the technology people will talk about this is, is this statute clearly, I think we all kind of have come to a consensus that the HTML process really works well with ESIGN. You can create your click-through buttons, you can create your -- design your site so that if you don't agree, you don't get to go forward, and, you know, you've got an evidentiary piece. I think when you go into something like delivery by email, or even delivery of a message that something is available, if you go out on the website, but you have to deliver that by e-mail, and that is, by the way, a proposal I believe in the Fed's new regs, you have now just created an entire department of administration to make sure that that email has been delivered because this statute requires that, that you have to demonstrate that it has been delivered. If you have somebody who changes an email address, if you have a site down, there are some webmasters who do not return unreturned emails, how are you sure that that is delivered, and that's an evidentiary piece that you have to create within your institution. So, I think that there are some limitations, or I'm not sure, actually, in saying all of that, whether this requires regulations or requires more broadness. I don't know. But I think that the reasonableness standard of proving delivery is an extremely difficult one, and I think what really is going to happen is that at the early passes, people are going to stay with the HTML, but delivering on wireless, for example, is another whole issue that I'm not sure how we'll create the -- I mean it's a project we at Wachovia Bank are working on, but I'm not sure exactly how we're going to meet all the requirements on a wireless system where you have to have -- I mean, having one department of people having to count. The whole purpose of electronics is to get out of that business. MS. MAJOR: Thank you, very good remarks. Ben? MR. DAYANIM: Yeah, just two quick points coming off what Jane and Jeff mentioned, and I'll steal a page from Bob Witte's very appropriate school of very close statutory analysis. To point out that firstly, what we're not talking about here is delivery. I mean, if you read the statute, if you look at the section, you know, not the (C)(1)(C)(ii) piece that we've been focusing on, but the introductory piece. What it says is that where there's a requirement that a record be delivered or made available in writing, the requirement that it be in writing is satisfied if, et cetera. So, all this deals with is whether or not you're satisfying the requirement of writing, not satisfying the requirement of delivery. Delivery is a whole separate issue that ESIGN very consciously does not address. That's one point to keep in mind. A second point to keep in mind is that it doesn't say that if you don't meet this regime, that you haven't satisfied the requirement that information be in writing. So, firstly, you're only dealing with -- and I guess there are really three points, because firstly, you're not dealing with delivery. This doesn't get you home with delivery at all. Secondly, you're only dealing with requirements that have to be delivered in writing. So, things have don't have to be provided in writing don't really fall subject to this. That's important to keep in mind, too, when you're talking about some of the new disclosures or other kinds of requirements that you may be obligated to communicate, but not necessarily be obligated to communicate in writing. And then thirdly, even if you don't satisfy the technical language of the provision, I would say that -- using Bob Witte's I guess fourth paradigm -- if you reasonably -- if you can actually reasonably demonstrate that the person actually was able to access the information, then I really don't see any problem, and I've advised clients that way, because yes, you may not be eligible for what -- I'll use a term that maybe some people might disagree with, you may not be eligible for the safe harbor provided by this mechanism, but you've actually provided the information, the information actually was accessed. I cannot conceive of a circumstance where you would incur liability under that situation. MS. MAJOR: I think that we recognize that there is controversy over whether actual delivery is required and I would like some of you to address that. The other thing that you brought up was the in-writing requirement, and I think there are some issues involved in that. What is exactly -- what is, you know, something that's required to be in writing, what does that mean. But I know Teresa has a question, so I will let her go. MS. SCHWARTZ: I wanted to ask whether this -- I wanted to ask whether this distinction that I hear being drawn between preliminary disclosures that statutes may require in writing, whether those preliminary disclosures are -- should be treated differently under ESIGN from disclosures that are required in writing preliminary to an actual transaction. And whether that -- there is a line that might be drawn there, whether people agree that that is a line that senses, even though the statute doesn't draw that line, it calls for consent whenever disclosures are required by statute to be in writing, which can be preliminary disclosures. So, and I understand the Fed perhaps is drawing that line or appears to be drawing that line, but I wondered if others here would draw that same line, you know, more broadly across statutory requirements. MS. MAJOR: Bob or Margot, would you like to respond to that? MS. SAUNDERS: Can I respond to that and several others? MS. MAJOR: Absolutely. MR. WITTE: Only if I can. MS. SAUNDERS: I don't think -- unfortunately, I don't think ESIGN draws the distinction that the Fed has apparently made. As I said, I think the only -- the only distinction that the -- the only recognition that there would be an ongoing relationship that ESIGN makes is this requirement that the consumer must do -- must electronically consent, which is meant to -- I think one of the purposes is meant to emphasize to the consumer the importance of what they're doing, that they are agreeing to receive all future records electronically. I agree that with what Ben said on several points, that the statute specifically and deliberately does not address delivery. There is no mention of delivery, other than as a trigger for the consent, in here, and there's lots of legislative Congressional language that said that we look for delivery requirements under the other law that's being satisfied. I think the reason why is that we couldn't begin to agree on how we evaluate delivery. MS. MAJOR: So that the seller is under no obligation to in some way demonstrate that the consumer actually -- I mean he actually delivered the -- MS. SAUNDERS: I think the seller is absolutely under that obligation under the other law that requires the delivery of the document. So, for example, under the FTC's notice requirement to provide notice of the right to cancellation on a door-to-door sale, that rule, as I remember it, requires that the salesman deliver to or provide to in writing two notices -- two copies of the notice of the right to cancel. That means that that salesman has the obligation of ensuring that the -- I think -- consumer has received it. Because what is contemplated in that transaction, when the FTC passed that rule, was that the two people were standing right there. So, the -- we have to look at what was contemplated when the requirement for delivery was originally written, and if it was assumed that delivery would mean handing the other person a piece of paper, that also assumed that the person had to take the piece of paper. So, delivery cannot mean in that context simply posting it on the website or even emailing it. MS. MAJOR: I think that's a -- MS. SAUNDERS: But that -- I was just going to finish the sentence, but that same delivery requirement may not apply to other statutes which don't by their terms contemplate the face-to-face relationship. MS. MAJOR: I was just going to underline what you said. I think that it's important to remember that ESIGN doesn't exist in a vacuum, that it's always overlaying some pre-existing legal requirement, and that often is lost in this type of legal issues discussion. Continue. MS. SAUNDERS: Two other issues that I wanted to address very quickly. One is the in-writing requirement. The question has come up as to whether any document required by other law to be in writing must have been consented to electronically before it can be delivered electronically. That's, I think we've already addressed that question. The other issue there is, what does the other law have to say? Does the other law have to say the words in writing to trigger this requirement? And I would argue that the answer is no, if the other law implicitly assumed that the only way to deliver the information required was in writing, then that implicit assumption should trigger the electronic consent. For example, under North Carolina law, where I'm licensed, there's a four paragraph long requirement about late fees for mortgages, which we worked very hard to get through the legislature. This was 12 years ago, I think, and no one ever contemplated that there was any way to deliver all of these disclosures, other than in writing. So, while there's fairly complex disclosures that must be delivered to the consumer, the statute doesn't say in writing. I would argue that that implicit requirement for a writing would also require -- would also trigger the electronic consent, and that a mortgagor in North Carolina could not -- mortgagee in North Carolina could not deliver a late fees notice electronically without having previously received an electronic consent from the consumer. MS. MAJOR: Would it be your interpretation, then, that the in-writing requirement doesn't necessarily correspond with something that was required to be delivered in -- on paper, but when they use the term "in-writing," they are using the type of language to imply something that the consumer can retain, can hold onto, that doesn't necessarily have to be on a piece of paper. I think some of the legislative history in the floor debates used the term "paper," but is that necessarily part of the in-writing requirement? MS. SAUNDERS: I'm a little confused. If you're saying that the delivery of a writing requirement could be faxed? I'm not quite sure how you deliver something in writing before electronic disclosures existed, other than on paper. I mean -- silver paper or fax paper? MS. MAJOR: Something maybe that's required to be attached to on a label or a piece of clothing or written on a tire. MS. SAUNDERS: Oh. I think retention is very -- MS. MAJOR: Retention is really the key of that, right? MS. SAUNDERS: Yes, and I have that as a note here that I wanted to bring up, that we're all talking about access, but the consent provision also keys in the retention requirement. And ESIGN has a very specific protective retention requirement that goes far beyond UETA's retention requirement. And I think that the retention requirement in ESIGN is -- must be implicitly read into the access requirement. In other words, ESIGN does not require that a consumer must indicate that they have the ability to retain. That was the fight that we lost, unfortunately. But ESIGN does require that for a record to be provided that is otherwise required to be provided in writing, it can only be provided pursuant to the requirements of 101(D), and that -- so, that record retention requirement is triggered by an underlying law requiring a writing, which is one thing that's different from UETA, whose record retention requirement is only triggered by an underlying law requiring retention. And that record retention requirement requires that the record accurately reflect the information and be capable of being accurately reproduced for later reference by the consumer. We can weed that in because it's required to be retainable by all parties. That means that going back to the HTML or MicrosoftWord discussion, that when a document is delivered electronically, which is otherwise required to be delivered by other law in writing, it's got to be delivered in a record format which can be accurately reproduced for later reference by the consumer. Now, I would posit that a word processing document such as WordPerfect or Word probably does not meet those requirements, because it's like writing on a chalkboard, and how can this consumer open the document and then be able to reproduce it for later reference and prove that it is the same document that they received, because it may have a different date on it, just simply by virtue of being opened by the consumer. So, that's a complication that should be factored in, which I think can be addressed using HTML or PDF or some other kind of format. MS. MAJOR: Bob? MR. WITTE: Boy, there's a lot of apples in with these oranges. I mean, it's a little scary, the last thing, I guess, because it sounds like the only things that will work are the things that wouldn't be sufficient because you're positive that they can't be retained because by printing them out by its nature changes them. That's a little scary. MS. SAUNDERS: I didn't mean that. MR. WITTE: If you didn't, that's good, because that's what it sounded like to me. I think we have to -- there's a lot of distinctions that I think are worth while trying to make, and I'm not sure how many of them I can hit, but I will try to hit a few. One of them is that it is worth noting, as Margot did note, that rule (C)(ii), which is the reasonable demonstration test, does not contain the retention requirement, and as Margot said, that battle was lost, if indeed it was fought, I would say it must have been lost early, because I don't remember that one being particularly hot, but in any event, it is true that (C)(1) says that you have to provide hardware and software information as to the ability to access and retain, which is fair enough, and appropriate, but there isn't a requirement that the consent itself evidence an ability to retain. It is true, again, as Margot said, that the requirements, you know, relating to record retention, well record retention doesn't really have anything to do with this, because we're not talking about regulatory requirements to retain documents, which is what 101(D) is all about, but 101(E) does talk about the capability of saying that if documents required to be in writing and are delivered in the form of electronic records, then they must be capable of access and retention by parties who are entitled to do so, whoever they may be. But that is not the consent, okay, because there isn't anything in ESIGN that requires the disclosures that are associated with the consent to be in writing, indeed it would be counterintuitive if they were required to be in writing, assuming, at least, that we distinguish the electronic communication from writing/paper, one of the great conundra of this thing. So, the ESIGN disclosures on consent process are not as a matter of law things which must be retained; however, anybody who wants to evidence compliance with the consent requirements is going to be well advised to at least be able to retain the information and have evidence itself, himself, whatever, of having done so. Which brings me back, I guess, to the earlier point that was made about delivery. There is nothing in ESIGN that I know of that requires proof that anything be delivered. I think, again, as Margot said, it is accurate to say that other law will determine whether or not you have delivered or not delivered. And in fact, one of the points that many of us on the industry side made early and often in this process is yeah, providing -- the ability to provide information in electronic form as opposed to paper or writing form does not mean that you don't still have to succeed in delivering it. What constitutes delivery, or whether there's really a delivery as opposed to make available requirement, is indeed determined by other law. Now, this distinction and this point, I am going to come back to what Ben said, the language in 101(C)(1) that talks about satisfying the requirement to provide such information in writing, is actually, it's a very intriguing provision, and to understand really what's meant here, because it's true, it says in writing, and it is true that many people asserted loudly during the process that we are not specifying requirements for delivery here, which there are no specific, you know, you shall deliver this way or deliver it by 2:00 in the afternoon or something like that, but on the other hand, what, after all, is the point of 101(C) if it is not to say that if you get this consent, and you provide the appropriate disclosures, and you obtain the reasonable demonstration, that you may indeed provide this information in electronic form. And that means provide it, you know. Yes, if you're supposed to provide it, succeed, somehow, and if you haven't succeeded, there may be a consequence, but it I think would be a mistake to suggest that those who apply the law are free to layer on all kinds of additional burdens on electronic communication under the rubric of delivery and say this is merely writing, and that is to say this is the 101(C) merely deals with the writing requirement, delivery, well, that's something else. And maybe that's out there, indeed it is out there, and it's something I've actually written about, the fact that it is out there, but I don't think it's really consistent with the whole point of this provision, to be layering on those kinds of additional requirements. MS. MAJOR: Elizabeth? MS. YEN: Yes, thank you. I wanted to just note that I think the law on delivery is going to evolve. The same way that the law on delivery with respect to use of the mail, for example, has evolved. And we now have a very robust body of case law that says you're entitled to certain presumptions, but things were delivered and received if you use the U.S. Mail, first class, postage prepaid. Those are issues that have been resolved in the courts over the last 50 or 60 years, they give us presumptions like the mailbox rule, and I think that we will find that evolve over time in the electronic world. As far as the question I think Teresa Schwartz raised earlier about the distinction the Fed has drawn between application disclosures, and the disclosures that pertain to an actual transaction. Transaction is a defined term in ESIGN, and if you read the definition, it appears to contemplate that you actually have a sale, a lease, an exchange, a licensing or some other disposition of property or services, and I think what happened was that if you look at that definition of transaction, plus the definition of consumer in ESIGN, a consumer is an individual who actually obtains products or services through a transaction. You could come up with an argument that 101(C)(1) really is focused on a transaction. So, I was actually very pleased to see that the distinction was drawn in these new Federal Reserve interim rules. I believe it was Eileen who asked earlier for an example of some possible hinderance to the development of e-commerce, and I thought I would just give you an example of a hypothetical that I just sort of made up on the fly. Suppose I want to offer an entirely paperless credit card -- well, unsecured, open end line of credit, paperless. I might mail you the card, but I mean we could posit a scenario where maybe there isn't even a piece of plastic, it's totally paperless. You're on my website, I give you all the credit card applications, solicitation type disclosures that are required by Truth in Lending, and those apparently are not governed by 101(C), but then if you do -- and I instantaneously approve you for credit online. This is all taking 90 seconds. I now therefore have to give you a transaction disclosure, which is your credit card agreement and the disclosures that go with that. So now I am into this world of consent and reasonable demonstration. I for security reasons do not want you to tamper with your periodic statements that I am going to send you in connection with this loan account that we are about to open. So, I am probably not going to want to use HTML for those statements. I may prefer to use PDF, because that's a little harder for a consumer to then jigger. That is going to be a problem. I've had some technology people tell me that if I'm on a secure website, because we have collected some personal financial information from you in the course of your application for this process product. I've probably asked you for your social security number so it's a secure site. It's apparently going to be a technological issue to make you click open some sort of a test PDF file and then get back out of that file and confirm to me during this two-minute on line process that you were able to access something that mimics an account statement. I'm not saying it's not possible to do, but I have been told by some programming people that it really complicates the design of that website. MS. MAJOR: Thank you very much, Elizabeth, that example was very helpful. Jeff? MR. WOOD: Thank you. Yes, that is absolutely true, the use of different formats in a website, and one transaction I think is unduly complicating. I want to follow up on really just one point, and that's the question about the consent and the -- whether or not the ESIGN does apply or should apply or will apply to all documents, I really appreciate Elizabeth's point of the definition of transaction. I think that's very helpful. Also, it's tied together with the delivery issue, because, for example, you know, under reg Z you know, disclosure is provided to the consumer during at least five different points along the transaction. Not every consumer who looks on the website and receives, say, application disclosures about what's being typed on the website, well, apply, and that's one level, and I mean not every customer who applies and receives application disclosures, you know, will then proceed to a transaction because they might either not be approved for credit or they might decide might to go on with the credit product. And so on and so forth, on down the line. In Truth in Lending, not every document has to be provided in the same way. For example, the applications disclosure with a newspaper advertising, or printed in the direct mail solicitation. You don't know necessarily now that the newspaper is going to be opened up and read by John Doe and you have John Doe's consent to receive disclosures that way. So, the delivery, it's presumed because he bought the newspaper and read it. That standard is totally different at the time that John Doe is actually entering into a transaction and his ascent to -- his comments to repay and so forth is satisfied. So, I think the two, the level of disclosure and consent versus the delivery, I think should really go hand in hand. Likewise, there are post closing requirements, for example, many states have notices of right to cure for a delinquency prior to repossession. We did -- we had a question recently, and someone asked how many of these have to be driven by certified mail? Well, only a few states require that that type of notice be given by certified mail. You know, query now that would be implicated by ESIGN, and that's not what we're here to discuss today, but my point is many disclosures simply go out in mail, and they go to the mailbox, and you have the mailbox, so you don't know that the customer is going to open his mail and read it, you have a safe harbor because it's going to the mailbox. And I think, too, impose on e-commerce the requirement that the customer not only get it in his electronic mailbox, but that he open it and/or that he reply to it, I think is putting a burden on electronic commerce that goes above and beyond what is existing in the mail world. MS. HARRINGTON: Jeff, could I ask a follow-up on that? One difference between the mail, the U.S. Postal mail delivery system and the state of sort of electronic information and access to it, is that we know that conceivably, everyone can have mail delivered to them. There are a variety of ways to get real mail delivered, but we don't know, for example, that everyone can access PDF files. I thought Elizabeth's example was very helpful. So, while, you know, conceptually, I think it's probably right that we need to wait for this law to evolve, what do we do right now? What would be the -- what would satisfy the reasonable demonstration requirement that the consumer can indeed access PDF in like one minute? What would your company do? MR. WOOD: I think that's a good segue into the next topic about technology, because I think it's a technological question. If -- I think in some cases, you would need to have a return mail or a return something from the customer saying yes, I did access this, because you can't determine, you know, reasonably based on technology that it was opened. On the other hand, if you know that this customer -- I guess where I have a problem is, you know, if the customer's computer changes, you know, five years down the road, what happens then? But that, I think, is addressed by the act in the next session. MS. HARRINGTON: So, you say word back from consumer, yes, I can access PDS does it. Margot? Does that do it for you? Consumer says by email, yes, I can access PDF? MS. SAUNDERS: I think the consumer has had to -- sorry, I think it's required that the consumer must open a PDF document, read something in it and respond. That's -- that is very specific. MS. HARRINGTON: Okay, answer plus. MS. SAUNDERS: Answer plus, yes. MS. HARRINGTON: Answer plus. Anybody else, Jerry, quickly? MR. BUCKLEY: I just didn't want to respond to that point at this point, but I just wanted to make an observation regarding what the Federal Reserve has done. MS. HARRINGTON: Can you hold it, because Mark has an answer to this one. MR. BUCKLEY: Yeah, thanks. MR. MacCARTHY: I think in the context that you just described, something that would indicate automatically that the customer has opened up the required document would satisfy the requirement. If it was built into the system. MS. HARRINGTON: PDF sensor? MR. MacCARTHY: Something like that. MS. HARRINGTON: I want to go to these, we only have one minute. MS. MAJOR: Go ahead, Jerry. MR. BUCKLEY: I just wanted to say, and it's a point Ben made earlier, in writing doesn't necessarily mean on paper. And the Federal Reserve clearly contemplated that when it proposed its regulations long before ESIGN was even introduced. And I think that the Federal Reserve's ability to prescribe and permit the delivery of the early disclosures is outside of ESIGN, and rests on its general authority under its acts. So, it's important to keep in mind that ESIGN is a safe harbor, and that its requirements don't necessarily apply to acts which otherwise authorize an agency to permit the delivery of disclosures electronically. MS. MAJOR: Okay, Bob, you have one minute, and Margot has one minute to respond. MR. WITTE: Well, I hope it's a direct response, but in -- I think that the four paradigms that I identified at the beginning ought to all be sufficient, really, and if PDF or PDF plus or affirmation or affirmation plus. Mere affirmation, at least in a context of credibility, you know, maybe somebody who is established on -- for advocation purposes as a computer programmer is in a little bit different situation than Aunt Sally, my favorite example, but maybe not. There certainly ought to be contexts where that's sufficient, and what about proof of opening? You know, I mean after all, if you can ultimately establish that the PDF was used, what's wrong with that? I don't think there's any way to have a requirement that you show that the person actually opened it. You can't do that. There's almost no way to prove that they actually did. But at a minimum if you go back to the PDF plus opportunity test, is proof of test, and I don't think there's any basis for suggesting that there has to be a proof of testing. MS. SAUNDERS: I wanted to very quickly address the definition of consumer. The definition of consumer was added to ESIGN very specifically to mimic the definition of consumer in numerous state laws across the country for unfair and deceptive trade practices, Truth in Lending Act and others. I think that the expanded definition of consumer under those state laws has to be read into the definition of consumer in this law, because it's become a term of art rather than a new term which was specifically and newly depth-defying to ESIGN. MS. MAJOR: Well, thank you all so much, and we've ended at 10:30 on the dot. We will take a break until 10:45 and start then with the technology issues. (Pause in the proceedings.) MS. NIELSON: Hello, everyone, I'm Fran Nielson from the National Institute of Standards and Technology, welcome to the technology panel portion of the workshop. Thank you especially to all of the panelists and those who are here to provide their wisdom on this study. We're going to have -- I would like to make one little announcement before we get started, and that is there are some comment cards around so that if you have a question you would like to submit to the panel, if you could fill out your question and wave it in the air, one of our helpers will come pick it up and deliver it to the panel. So, I will say that at the start. First we're going to have some short technology demonstrations. I believe our first demonstration is Dr. Brown, iLumin. DR. BROWN: iLumin. I'm with iLumin and I'm grateful to be here today. What we wanted to show you was a platform that we have developed on the web to perform e-commerce that does have what we believe and our in-house counsel has said might conform to the law for consent, and so we'll have to see if we get sued or not. This is the log-in screen to the website. So, the website -- this is a web-based application where everything is done from a browser to a server at the e-commerce site. And so we have added here, "By logging in, I am consenting to receive any records electronically that I can access through digital handshake technology." So, we're informing you of that. If you have not yet registered with the site, the registration form here says, "By submitting the registration form below, I am consenting to receive any records electronically that I access through digital handshake technology." So, if I go back and log in, we'll get to some documents. And it says that I have two different signing rooms, I want to open up this signing room, and we have added the note here, "By completing any transaction in this signing room, I have consented to receive the records electronically." So, every time you come to something, we're informing you that if you continue on, you are consenting. So, here we have a form to change health plans, and I've started to fill this out, and I will just say I'm ready to sign it, and when I do, it's going to be processed and it comes back and we have the note on here, "By signing this document, I have consented to conduct this transaction electronically." So, every step of the way, we're informing you that if you continue with this, you are consenting to this. Now, some other work that we are doing involves the transformation of data from an XML document to different formats, and I just show this, because later in the law, on the record retention, it says, "Accurately reflects the information set forth in the contract or other records," and one of the things that we are doing is not only allowing the document, which we code as XML, to exist and be translated with the style transformation, as defined by W3C, to an HTML representation that you saw on the screen that I showed you just briefly, but we also are transforming it to the PDA format, the WML, for browsing, and also transforming the information to a wave file that can then be heard over a cell phone. And so in each of these cases, we're trying to take the same information and transform it so that the consumer may be able to receive it by dialing in off of a phone, by having a Internet appliance like a PDA be able to see it, as well as a web browser. And so in this work, we are keeping the data in an XML format, and that's what we are then transforming. And one of the things that we're concerned with that the law -- we're concerned with the statement that it accurately reflects the information set forth in the contract or other record, because we may have a truck driver who receives a bill of lading on his cell phone, and we'll listen to the document being read to him over the cell phone, and then sign that bill of lading digitally by typing a pass code onto the cell phone while the other end who receives that document may see it on the website. And so we're very concerned that we not be restricted to the exact format of it, that the information accurately reflects so that when it's read to you, with the wave file versus viewing it on a WML device versus an HTML device, that we get the same information. MS. NIELSON: Okay, thank you, Dr. Brown. The second demonstration, then, is from NewRiver. Virginia? While they are setting up their demonstration, I was asked to announce that there is a lunch room on the 7th floor. Today's menu may or may not appeal to you, six pieces of fried wings, macaroni and cheese and mixed vegetables for $4.55, or halfsmoke on a bun, a soda and chips for $3.25. And now back to our regularly scheduled program. I just had to say that. There's also a salad bar and sandwiches. MS. GOBATS: Thank you. My demonstration is a little different in that it's from the point of view of the investor. We're from the financial services base, and we are dealing with in this case E*Trade's customers, and E*Trade, I have to give you that information that of course it is an electronic service organization, and they are at the forefront of this kind of consent management. In the E*Trade world, people are transacting business electronically all the time, but they are asked from the point of view of consenting to the delivery of electronic documents in the future, they are asked to sign on with their E*Trade user name, their password and the log on. I don't have to fill anything in in this demo, but I would be filling this information in. And this is, of course, equivalent, really, to the signature, because I'm coming into a secure site where I'm already known. I'm going to log onto or click on account services, which shows me what my balance is, and most of the firms that we deal with are already providing electronic availability or electronic access to statements, not in lieu of paper, but as a service. I'm going to then click on set delivery options, where I'm offered trade confirmations up here in the right, trade confirmations, monthly statements or posted checks. I was interested in the comment about the checks in the earlier discussion. The education portion of this screen, electronic document service is the front end, here's how it happens, here's how E*Trade electronic delivery, document delivery service works, tell us how you want to do it, if you choose, if you consent, and how your documents are filed. This all conforms with the ESIGN regulations. I'm going to consent to not U.S. Mail delivery of my trade confirmation, but electronic delivery, and I'm going to request electronic delivery, it will be electronic delivery for statements as well. I don't have to re-enter, because we're fooling ourselves here. And then I see the consent to electronic delivery of trade confirmations, and I'm going to consent right on it. I'm not going to go through reading this, but we are showing them that we are making the disclosure right here and either I can change my mind and go back, or I consent. That's it. It's that easy. Log off, you've successfully logged off, thank you for using E*Trade, which is the normal log-off for E*Trade. The second one, demonstration is from a -- from the mutual fund world, and here, it's just a little bit different because the customers may or may not be electronic customers. Is it going to come up is the question. Electronic sign on. Now, when the person, when the investor comes into the site, they really are in the secure site already, because they've already obtained a password. If they haven't obtained that password, you see that the second option, which is to reset a forgotten PIN, and when you take that option, you also can get a new PIN, if you don't have a personal identification number already. As you see, you sign off your social security number and your PIN, and you log in, and I am going to -- I am presented with a view of my own portfolio, and then I'm going to click on the electronic delivery consent, and specify my electronic delivery preference, who do I want -- where do I want it mailed, and whether I want an investor statement, yes, I do, electronically, and I want to receive notification, which is an issue that the user has to know that they are going to be notified, and then whether I also want an additional paper copy. I continue, this is the disclosure part, and I agree. And that's it. It's that simple. You have enrolled, click, it's over. It's a simple process. MS. NIELSON: Okay, thank you. Our last mini demonstration, then, is from Selwood Research. Jeremy? MR. NEWMAN: I'm Jeremy Newman from Selwood Research of the UK, thank you very much for having us today. It's nice to be in Washington on a fine spring morning, representing I think the G in ESIGN, the global side of things, without which we would have ESIN. Essentially, and I'll ask Fran later what is meant by a halfsmoke on a roll, that's another matter. Really three key things we're trying to actually nail down, three corners, the holy triangulation of evidence of informed consent, and what I'm doing here in this presentation or illustration is to try and say well, how are we actually going to nail these three, because I don't think you can do just two of them. So, you need have the ability of receive records, informed consent, we talked about that, but I think ease of use both for the business and the consumer is really the paramount thing, it's reducing the burden on both sides. So, these are the three elements, again, we've got the business and the consumer and what we call the recital service provider at the bottom, and at some point in the overall scheme of things, the flow, the transaction flow, an invitation or a request is sent from the business to the consumer for this consent. So, what does the consumer see? In replacement for a signature block, where they actually say please sign here on a piece of paper, we have this thing called a sign spot, which tells the affirming party, the consumer in this case, what to do. And this could be manifested on an email, with a simple -- what I've got here, a preamble and a piece of text, and our proposal with recite a line, is that you pick up a phone and you say what you want to do, and that's recorded. So, you've got the evidence, you've got the informed consent, from the consumer, this could also be manifested on a webpage, and so you pick up a phone, you dial this toll free number, you enter a document code of some sort, invented by the business, the relying party, and I John Doe consent to receive electronic records from Acme underwriting as described in document number 0224973. Done. That's done by the consumer to the service, and then after this, the service provides links to both the business and the consumer, because the consumer is really a kind of pseudo relying party. The consumer needs to say, you know, after the event at some point, I did sign this and I did it on this time and I have this here proof. So, the links go back essentially as an identifier or a number that goes back to the consumer, that says if you want to retrieve your recording at some point downstream, this is the number that you use, and the business also gets instant electronic notification of the agreement having been struck. So, the benefits are obviously excellent evidence of informed consent, you can hear the person saying I want to do this, the accessibility is demonstrated, and Bob Witte earlier saying that there's no method that allows you to prove that the document has been opened, well this is one method, because you have to open the document to see the number, in order to key it into the telephone when you give the recital. So, it's very simple to use, everyone is familiar with using telephones, there's approximately 1.1 billion telephone handsets on the planet, and people are used to doing -- leaving voicemails and using telephones for doing things like card activation and so forth, and it's a very positive affirmation. I think that people need to bear in mind that positive affirmation is essentially preparing the consumer to say I want to do this, handing the card over to the consumer saying if you're ready, we're ready to do this, and we're moving away from this intense focus on authentication of the consumer. You have already established that. This is a system that goes on top of a known relationship between two parties to actually prove the policy of the transaction, and in this case as a consumer consent provision. Thanks very much. MS. NIELSON: Okay, thank you, Jeremy. I want to remind the panelists or tell them for the first time if they weren't part of the earlier panel, that the way we're going to proceed is if you want to make a comment, you flip your name card vertically. Having said that, I've already been asked by Margot to describe the difference in her opinion and maybe everyone's opinion what paper and electronic versions are, just to set the stage for our conversation. Okay, Margot. MS. SAUNDERS: Thank you. We're talking about these very interesting technological questions, but I want to bring us back to the difference between electronic and writings, and just clear -- kind of state for the record what we all kind of intuitively know. A piece of paper can be handed to or mailed to a person, and they can read it without special equipment. You need a computer to access or read an electronic record. A written record can be received by the consumer at no cost. It doesn't cost the consumer anything to have a mailbox. Everybody, including homeless people, have mailboxes and can get U.S. Mail. The electronic record can only be accessed through a computer connected to a third party from whom payment is generally required on an ongoing basis, the Internet service provider. If the consumer moves, the U.S. postal mail can be easily forwarded, at no cost to the consumer, and with minimal difficulty, with generally one notice to the post office a year will suffice to forward all incoming mail. ISPs generally do not forward electronic mail, occasionally with some ISPs, electronic mail will bounce back as undeliverable to the sender, but that's not automatic and it's not universal. A paper writing does not require special equipment to hold onto or retain. Consumer need only put a piece of paper in their drawer or a file or wherever they want, where it will stay until the consumer moves it. On the other hand, an electronic record can only be retained electronically. The consumer must continue to have access to a computer with the ability to retain the record. So if they retained it on a hard disk, they must be able to access it on the hard disk, or at least access to a computer with a printer to retain a printed -- to print out a printed copy of the electronic record. A paper writing is by its nature tangible, once handed to or mailed to a person, it won't go away. It won't -- nothing will happen to it unless the consumer does something to it. But an electronic record can be provided in a form which will disappear after a period of time to be determined by the provider of the record. For example, if the consumer is provided an important notice by the -- by an email with a web link, and the consumer doesn't access the web link within the expected period of days, the web link may no longer be available when the consumer goes to access it, unlike a piece of U.S. Mail, which will stay on the consumer's desk until they throw it away. The printed matter on a paper writing will not change every time someone looks at it, and a paper writing can later be used to -- in court to prove the contents of that writing. On the other hand, an electronic record can easily be provided in a format which is not retainable by the consumer. Many of us have had the experience of trying to retain or print out websites, and that's not always possible. But even if you can retain it, it will not necessarily have the same level of integrity or protection against inadvertent or deliberate change as a paper writing will have. The electronic record is not always preserved in a particularly locked format. Thank you. MS. NIELSON: Okay. Thank you, Margot. Our first question, then, to the panel members, what kind of software and other technology for obtaining consumer consent is out there? We've heard -- we've seen a demonstration from iLumin and from NewRiver and Selwood, they can chime in with more definition, or is there someone else who would like to make a comment on their particular product? MR. LAURIE: Thanks. I will put up my sign. I did want to mention that -- thank you. This is Michael Laurie from Silanas Technology. I wanted to mention that our company is also involved in providing software that is used for capturing consent, more specifically consent in the sense of somebody who is signing documents, and signing could be, you know, anything from a handwritten signature to whatever will provide that capability. So, our company has focused quite a bit over the past few years on understanding how those processes take place in the paper world, and making sure that the processes coming from the paper world can then be used in the electronic world as well. So, what we've found was with most of the people who use this type of technology is that being able to understand what they're doing at any given moment is crucial to achieving that capability. And probably I spent at least as crucial as security technology, which is often confused with the process of signing. So, Silanas has produced software that is capable of working in a number of different formats, some of which have been mentioned here, such as PDF, as well as word processing formats. And to some extent to also address the issues that were mentioned with regards to paper versus electronic, whereas a document can be maintained and its integrity can be maintained, as well as the consent that was provided as part of that document can also be maintained as part of that document. And that's something that we have been working on very hard to ensure that we recognize that paper is a very difficult technology to beat. It's -- you can take it out and use it whenever you need to, it never runs out of power, it doesn't crash on you or whatever, so it works all the time. Being able to replicate that in the electronic world is a real challenge, and something that to some extent our company has achieved so far. It's not perfect, but then neither is paper, as we have discovered. So, that's what I wanted to at least mention as a starter to this session. MS. NIELSON: Okay, thank you, Michael. Is it Tom? MR. WELLS: Hi, Tom Wells at b4bpartner, and we, too, have an electronic signature consent process, with a little different spin. We sign HTML or XHTML or dynamic HTML documents, depending on the type of data, by placing information on the document itself, the name of the consumer, a date and time stamp and document signature ID, because we think it's important, like Michael mentioned earlier, that in the electronic signature world, it closely mimics the physical world, so that the consumer has a document that has some indication that the document has been signed. And where we go a step further is, we've integrated that with a web vault product for the consumer that's stored at the institution's website, to date and time stamp the document so that the consumer can always dial back into the Internet and through an authentication process, look at his document. Similar to what E*Trade is doing with their file cabinet system, except with more functionality, you're able to fax in and you're able to multiple -- have multiple party signings within the web vault. But I wanted to get to Margot's point. I live in south Florida, and when Hurricane Andrew hits, documents do not stay on the desk stop. They fly everywhere. And understanding that, I think that the electronic -- certainly you mentioned all the favorable things about paper versus electronic, but there are some benefits about electronic versus paper. One of which is if your house is destroyed, your electronic records are not destroyed. Another one is accessibility. I believe, Margot, that the initial consumers are going to be -- are not going to be your typical clients, they're going to be high network individuals who travel often. It's a new technology. They have to have the capacity and the Digital Divide indicates that maybe some of your consumers may not have access immediately. So, accessibility, for people to be able to receive their records wherever they are, any time, anywhere. The third thing is the ability to share documents, and to clearly collaborate with third parties is an important feature, because when you have a piece of paper, then I need to either mail it to my attorney or fax it to my attorney and if I have to fax it, then it requires me to be concerned who is at the other end of that fax line, and it may be a secretary, and not the attorney. And then finally, the last thing is that I practiced estate planning law for 12 years, and when people die, the surviving spouse can't always remember where all those records are, and so probate estates may just continue on and on, which is not a bad thing for an estate planning attorney, but for the consumer, it's not the best thing. So, an electronic document aggregation tool can really solve a lot of the problems we have right now in the paper world. MS. NIELSON: Thank you, Tom. Let's go with Jane, and then Virginia. MS. WINN: Hello, my name is Jane Winn, I teach at SMU Law School in Dallas, Texas. I was going to say, and I live in Texas, where we've learned that when tornados hit buildings, they pull the papers out. What I think is interesting is who has chosen to participate in this public process, and who's absent. I don't notice any standard developing organizations here, and I think that you can't talk about consumer protection in electronic commerce without thinking about the role of standard developing organizations. Many of the problems that people are addressing in using existing technologies to mediate contract processes, as far as I can tell, arise from the fact that most of the products that we're working with right now were developed for the publishing industry. PDF is about brochures, HTML is about document mark-up. These technical standards were not developed with transaction processing in mind. Right now, today, while we're having this meeting, there are standard developing organizations around the world working on the next generation of electronic commerce technology, which will explicitly address transaction processing in contract formation. And if those people aren't present in the room today, it's not clear to me that consumer interests can be adequately protected. What I would suggest is that if we define the debate in terms of finding an equivalent to a writing, we're going to continuously miss the emerging issues in consumer protection. I think that what we've seen in a lot of arenas is that open public standards for technology are an important form of consumer protection, and all of these vendors here today with their fine products would be on a level playing field competing for consumer acceptance if there was a workable framework of open public standards. I personally would prefer not to do electronic commerce in a world where the standards are owned by organizations that have their headquarters in western states. Since law professors get into trouble for demeaning multinational corporations, I'm avoiding identifying specific organizations. So, what I would say is that the issue on the table can be thought of as contract formation processes generally, and I think that notwithstanding the fact that many of these product vendors who come here today have fine products, what the consumer's interest is, is in making sure that the standard developing organizations take account of consumer interests and remain accountable. MS. NIELSON: Okay, thank you, Jane. Virginia? MS. GOBATS: First I have to answer who's out there. Who's out there providing consent or thinking about servicing this issue of consent. Certainly the financial services space, where NewRiver practices, each of those, each of the organizations, all of the silos, insurance, banking, mutual funds, verbal annuities, back in insurance again, and all the people who are in the electronic commerce world already are working on their own consent process. Legacy Systems add a little piece of a routine, a technical routine, to the methodology they already use to deliver the electronic information about people's accounts, or people's financial portfolios. They already have PINs in place or secure environments in place. So, the people who are working are the insiders in financial industry, are working on something that just expands a process that's already in place by adding another method of communication. So, I think they are there developing their own services, or they are using an outsource or many outsources in combination, like the people who are here. That's who's there. To address Margot's issue on the subject of just reliability, you know, will that web link still be there, each time the notification that a document is available for electronic viewing is sent, a new hyperlink is sent. Now, I don't know if every organization does that, but certainly the ones I'm familiar with do that, send an email notification that your documents are ready for viewing, with a hyperlink in it to a secure site, a scalable secure site. MS. SAUNDERS: And how long does that remain on the web? MS. GOBATS: It isn't on the web, it's at a secure site that you are sent to. So, we're not in the HTTBS world. MS. SAUNDERS: Isn't there a limited amount of time that it stays there? MS. GOBATS: Yes, but it's regulated. Under financial services, there are rules about how long you have to keep the records available. So, I mean, you can call today and ask your mutual fund firm that you're doing business with to give you a statement from ten years ago and they will produce it, in paper. So, the question is whether they'll charge you or not, you know, it's too long, but there's a staging process, as when it's available in the site, at the secure site, for immediate access. When it's available for, you know, within 48 hours, when it's available within two days, or when it's available in a week, and by mail. So, the industry has addressed that issue of how long it's retained, and certainly in the mutual fund industry where service has been a theme, for a long time, and good service, the clients are aware of the fact that they can get old records in paper, and they are now being told that they can get those old records electronically. So, I think at least an attempt has been made to satisfy that caution. And then the nexus on being able to reproduce the record. Certainly the people that we are working with already have in place or are developing the methods of keeping the template that was used on the date that the document was delivered. So that if somebody wants an old document, the date of the delivery of that document is in the records, and the template that was used on that date is. So, essentially, the document is reconstructed on the fly, and it will look just like it looked then. And there are demonstrations of that. It's in -- it's alive and well at the moment. And then the last thing is that I think that from the point of view of all of the users, you know, across the broad spectrum of people who are technology conversant and those who are not, we're thinking at our firm, at NewRiver, that the process is really educate, educate people about what electronic delivery is about, then solicit their consent or solicit their -- or ask them if they're interested and if this is appropriate for them. It's not appropriate for everybody, just like automatic voice response is not appropriate for everybody, then collect it from them, and then maintain those records, and provide service, using those records of consent or I like to say preference. I prefer to get these kinds of documents electronically, and tell them that at any time, you can also get this in paper. If I need one, if I'm getting a divorce, and I need pieces of paper, I'm going to be able to get the paper, and I can turn off and turn on my choice at any time. I can consent to electronic delivery for three months, decide I really don't like it, then consent again, go back and forth, back and forth, consent and revoke. And in all of the screens, in these screens that I showed you, and in most of the screens that I've seen from our clients, that is right up front. One last thing, I'll give up my air time. Yes, there is a cost to electronic delivery, and it is the cost of the phone connection or the cost from your ISP, and that, we are obligated to tell people up front. So -- MS. NIELSON: Okay. Thank you, Virginia. Thomas, and then Bill's going to talk a little bit about the standards question that Jane brought up. MR. GRECO: Okay, very quickly, because I think there's a lot of other issues that we can get to here that's a more profitable use of folks time. My name is Tom Greco, I'm with the Digital Signature Trust Company, a particular type of provider of electronic signatures, digital certificates and digital signature technology. I think Virginia makes a very good point. There are going to be a number of applications that we're going to be attacking with this electronic technology. Some will merit the use of certain technology, some will not merit the use of certain technology. This is going to be a marketplace decision, businesses will offer up more or less complicated technologies depending on the merits. The use of an electronic process to do a home mortgage, for example, probably entails certain technology requirements and document storage, document integrity, retrieval of records. That's not necessarily the same for the run of the mill consumer electronic purchase, and we need to recognize that and certainly when we write new laws, for example, ESIGN, not try to make one size fit all. Not all electronic transactions are going to require PKI technology, but PKI technology works very well for certain types of applications. Margot raises the document integrity issue. That's one that PKI can solve. There are solutions out there that encompass long-term document storage, in terms of being able to provide a document 30 years from now, that was the same document or looks the same that the consumer signed today. These are the processes that are actually being worked out today. There are folks out there designing business processes to take advantage of electronics. That is coming. Notwithstanding Jane's comment that it might be appropriate to have standard-based bodies doing a lot of this work. The fact of the matter is that standards-based bodies take quite some time to develop. There are loads of standards right now that people are writing technology solutions to. PKI standards exist, for example, XML standards exist. They're out there, they're being attacked, and the users ever applying those processes. So, I think there's a lot of things happening right now to move towards a more fundamental fully developed electronic commerce world, and we'll see, back to the point of I think why we're here today, what is it that, you know, FTC and Commerce should be telling Congress in their report. Well, one of my points is that I think that we're at the very beginning stages of being able to answer some of the questions, what do businesses need, what do consumers need to make this kind of thing happen. And I think, you know, frankly, six months into it, we're willfully, you know, have a lack of knowledge of exactly what these processes should look like. I think this is a law that we can work with today, and as we gain more knowledge about what the, you know, hurdles are being presented by things like consumer consent, we'll have a better ability to tell, you know, Congress, for example, here's what we're finding, here's what businesses are finding, here's what consumers have been finding, these are the tweaks that are necessary. MS. NIELSON: Thanks, Tom. MR. BURR: Well, I'm Bill Burr from the National Institute of Standards and Technology. I would like to say that we at least occasionally do develop standards. We do work on them. And to some at least, in the area of digital signatures. And as Tom pointed out, there's really quite a lot of standards activity there. What I have been struck by all of this is that when I first saw the ESIGN Act, I was a little bit shocked in a way. If you contrast what we're doing in the U.S. with, say, the European Union Directive on Electronic Signatures and what's come out of that, with that or the German digital signature law and so on, they tend to favor what I would call a fairly very weight rigorous system of signatures, and I take the ESIGN bill to be very different than that, and in essence to say something along the lines of you don't have to do everything in a really heavy way, truly cryptographically rigorous fashion that will let the marketplace decide more and perhaps evolve. Technologies that are appropriate and meet business needs, and they don't necessarily have to be truly from the cartographers point of view rigorous or strong. Now, PKI, I think, is the strong technology. I think I read a paper of Jane's recently that was somewhat skeptical of the success of PKI, but it does, I believe, offer a way to do very rigorous heavyweight kinds of protections that will ensure integrity and who signed it and a lot of other things. From Margot's point of view, I don't think that broadly imposing that on everything will help the poor, the downtrodden, the people who are not technology adroit at all, it will make it much worse for them. They will have a lot more to overcome to participate. So, you know, you have to strike some sort of a balance here. There are lots of standards. I think as Tom point out, standards is a painful and tedious process, and we have a law, and people want to do business, and I think we're going to have to improvise, but I suppose we could have somebody here from the WC3, I think a couple of the companies here probably participate in that. But I don't know, you know, we're going to have to live with it as far as I see and do the best we can. MS. NIELSON: Okay. Thanks, Bill. Margot and then Jim. MS. SAUNDERS: I have a couple of points. One, despite what I may seem, I'm not troglodyte, I am not against e-commerce, I use it myself all the time, I think that it is a wonderful resource. I think that it will significantly help low income communities and low income people in particular, it will widen their choices and widen their marketplaces and I think it's terrific. But my function here today is to continue to remind everyone else that the whole world is not yet online and the difference is based between poor people and those who are online. I want to quote the Department of Commerce's statistics to you all, just again to set the stage that I think, Tom, you said that your product is going to not go -- it's not designed for my clients, it's designed for much wealthier folks, and -- MR. WELLS: Well, maybe not, I say that it would be a mistake to try and appease all the clients all of the time initially. MS. SAUNDERS: I completely agree. I'm just trying to -- as you all may notice, I'm only one up here, so I don't mean to be the one talking all the time, but according to the Department of Commerce's recent report on the Digital Divide, 45 percent of this country is online, but only 35 percent of the households have access from their home, and the balance of those -- so, we are talking about ongoing easy access to information for 35 percent of the population. While the remaining 10 percent between 35 and 45 percent who are online and 35 who have access at their home, a majority of those folks access the Internet from their work, which is not always a favorite thing to do for personal information. And another large percentage access it at public access points such as public libraries and schools. Or someone else's computers. But again, I want to remind us, remind everybody, if we were simply designing a system for communication that was solely online, the concerns that we continue to articulate would not be a problem. So that when a consumer was standing in a room, if we had a difference -- if there would be no problem about providing that consumer standing in the room with paper disclosures, we wouldn't need this electronic consent issue. If there would be no problem about the consumer who consented to receive online disclosures, and then six months or two years later had a financial reverse due to sickness or loss of job or something, and suddenly lost their access to the Internet, we wouldn't have as much -- and if that consumer could then easily go offline and say I want everything on paper because I don't have easy access any longer, we wouldn't have the same degree of concern. So, it's, again, it's the interplay between the physical world and the real world, and the electronic world that I'm most concerned with. I do want to take one second to respond to a couple of the demonstrations, by Dr. Brown specifically. He said that you could click on a button that said I am consenting to receive electronic records that I access using a certain technology, and I don't believe that unless the technology is used to actually consent, that that satisfies the law's requirement to electronically consent, quote, "in a manner" which reasonably demonstrates the consumer's capacity to access. So, and that wasn't clear from the demonstration. Also, another example provided was that a truck driver could be read a bill of lading over a wireless telephone. I don't know off the top of my head whether a bill of lading has an underlying state law requirement that it be in writing. But if it does, it may satisfy some requirement, but it does not -- that delivery of that bill of lading does not satisfy the requirement in 101(E), which is that if a writing is required, it must be provided in a manner -- it may be denied if it's not provided in a form that's capable of being retained, and how in the world would that wireless -- would that consumer, would that -- whether or not he's a consumer, would that truck driver be able to retain an oral communication of that bill of lading. Thank you. MS. NIELSON: Okay, I have Jim, and then Mark and then Bruce. MR. BRANDT: Thank you. I'm Jim Brandt with VeriSign, and VeriSign provides industry-leading technology to support secure electronic commerce in communication, specifically through the use of digital certificates and underlying public infrastructure, which, in fact, provides the security services that the ESIGN Act and also the government corollary JAPEA Act contemplates. That is to be able to identify specifically who is you're communicating, that is identification, over the web in electronic communication to protect the communications, to provide integrity to that information, and perhaps the privacy of the information as well. These technologies through standards of bodies working with Bill and others, internationally have developed and integrated this kind of technology within all of the technologies we've talked about here in terms of standard protocols, supporting secure mail, web interfaces, even secure form technology, as well as transactions associated with XML and others that are evolving. Now, in terms of its usage, I think although it's hard to define a ubiquitous standard, I think it's fair to say that within business, within business today, PKI is effectively the de facto standard for providing security for e-commerce transactions, and is becoming so within the Federal Government as well. I think what we find is that again, in terms of utility, there are enabling programs in driving the use of this kind of technology to provide the level of service that not only business but government is requiring, and is being required by their constituents, in terms of either trading partners wanting to have more convenience or more open access for more information, more timeliness, lower costs of operations, et cetera. So, there are real driving reasons why this technology is being enabled within government and industry today. I think it's fair to say that to date, that probably has not evolved into the commercial market, and I would submit probably because there is not enabling applications to drive it there. In terms of motivation by a consumer or other one to take advantage of this technology to become more familiar with it, and to reap some of the benefits that the technology can provide. I think there is, however, opportunities for the technology if some of the vendors here today, including VeriSign, to assist in that education and discovery and communication process that exists today. We, for example, have an opportunity for a consumer to come to VeriSign website and to request for a digital certificate to be able to explore the technologies in terms of email and communications, et cetera, on a trial basis. And this technology, of course, can go a long way, and this opportunity can go a long way to bridging that educational gap that we've talked about. I think in terms of the use, certainly, I think it's correct that not everybody today is connected, not everybody has a computer; however, this technology, it supports the ability for shared communication platforms, and provides the ability through a number of more recent developments in the industry to provide secure communications for individuals at shared resources such as at a kiosk or in a library computer, et cetera, where the benefits can be expanded beyond just the household. MS. NIELSON: Okay, thank you, Jim. Mark, did you change your mind? MR. MacCARTHY: Oh, I'm sorry, no, I was anticipating. MS. NIELSON: Okay, go ahead. MR. MacCARTHY: Since people tend to leave them up, I tend to put my down before I get called on. I think this has been a very fruitful discussion and I want to take the opportunity again to thank the Federal Trade Commission and NTIA for hosting this workshop. Having lived through both UETA and ESIGN, I found the discussion this morning very sophisticated and a very useful discussion for understanding from a variety of perspectives some of the nuances and the issues that we're still all trying to grapple with as this, I think, landmark bill gets implemented and dealt with in a variety of contexts. Having listened to part of the discussion, the technology discussion so far this morning, I want to address my comments coming back to the purpose of the workshop and the report, trying to give you our association's views, which include about a thousand companies who develop code and content for the Internet, for business, for end user consumers and for education. And I want to leave you with three points, some of which echo some of the earlier comments. The first is it's important to recall that ESIGN, it was meant to be a technology neutral bill. And underlying part of that technology neutrality was actually an element of protecting consumers from being held hostage to particular technologies and the legal implications of those. And so I think it's very important to remember that part of the technology neutrality is, in fact, a way of lessening the burden on consumers, rather than burdening them with specific obligations if a technology is used and therefore the law says that means X, Y or Z. I think what we've heard today is a variety of environments in which, depending on who the end users are, what the environment is, which includes legal obligations where writings may be required, that there will be adapted for those sectors the appropriate technologies that facilitate, pick a transaction, determine whether consent has occurred, which may not be a technological issue, I want to point out, and which provide the written background, other collateral information that is relevant to the transaction. And I think it's very important to understand that it will not be a one size fits all when it comes to this issue. Part of the discussion this morning, I think, I think what we've heard are that there are different levels of sophistication depending on the users. Let me tell you that when all of the parties were sitting down trying to figure out the ESIGN bill, less than a year ago, I would say that none of the technologies that were demonstrated here were even on the radar screen. And I think that's very important to keep in mind. That, in fact, what we saw six months ago, in terms of these kinds of applications, are not going to be true a year from now, and that we're going to see new applications that will probably even more effectively get consumers and end users what they want while providing businesses an opportunity to reach more customers. And I think that's important to keep in mind as we look at some of these technology issues in the context of the specific purpose of the study. The second point I want to make is I think it's important for NTIA and the Federal Trade Commission to recognize that in developing each of these technologies a number of factors come into play, only part of which are writing requirements that come under ESIGN. Part of it is a service orientation of trying to meet the customer needs, trying to do so in a cost efficient manner, part of it is security needs. I think the discussion this morning suggested that businesses and application hosting providers are trying to incorporate a number of different business goals into what they're doing. This is only one factor that plays into that. For example, in our industry, and this is very relevant to the access question, our industry is wrestling with the implementation of section 508 of the Americans with Disabilities Act, which talks about how we're going to access technologies using the Federal Government procurement system. So, it's important to keep in mind that there are a number of different business factors that go into these decisions, not just the writing requirements or whether we're going to capture a consumer in a way that is adversely effected. But I think the third point that's important to remember is that -- and I appreciated Margot's recollection of why there is, I think, a comfort level with paper, but even the fact that there is paper doesn't satisfy key questions about whether there is, in fact, a contract, what the intent of the parties was. Whether it's paper or electronic, you still have the outside legal framework issues about whether they are consistent with public policy or whether there was a contract, and it's important to remember that in ESIGN, this consent provision, (C)(ii), is one of only a number of steps that are provided for in terms of as a stop gap measure, procedural issues that involve access to the technology and what kind of technological capacity you have, and so it's important to see this particular provision in the panoply of all of the consent provisions, not just any one. So, I think this technology discussion is very useful and we look forward to working with you as you prepare your report on the implications of this -- technology implications of this for this particular section. MS. NIELSON: Okay, thank you, Mark. I just want to say one thing. Time is short and I hate to cut off the conversation. I want to let Bruce make a comment because he hasn't had an opportunity in this forum, and is it Keith? I'm sorry, my eyesight. And then Keith. I know I'm going out of order, because you ladies have already had an opportunity to speak, and then Marianne, and I'm sorry, sir, I can't see your tag. Yes, is that okay? So, if we can keep our comments short, because it's now 11:45, and we were supposed to end. So, Bruce, Mary Ann, and Christopher. DR. BROWN: Well, while the product that I demonstrated today was Internet-based, I don't believe that the Internet is the only way to access, and what I was trying to infer with the telephone was that the telephone could be the ubiquitous connection to any of these e-commerce, and we are in the process of developing that. The idea that we would like to be able to close on a house by walking into the house and saying gee, this is the one I want, and be able to dial up and do the closing instantly is sort of the realm that we want to move to, and we call it mobile digital commerce, that would be totally wireless and you totally can do everything from a ubiquitous information appliance that may be a cell phone, it may be a PDA, but that's where we believe the world is going. MS. NIELSON: Thanks, Bruce. Keith? MR. ANDERSON: Excuse me, Craig. I'm Keith Anderson, I'm with the Federal Trade Commission. I had a question, actually, now is probably not the right time to be asking questions, so let me put it out there and people may want to address it this afternoon. Margot raised the question about what happens if you get the wrong email address or the email address is dead, and I'm wondering where we stand technologically on that issue. Is there -- is there a system out there -- is there a system on the horizon that would allow us to know whether any mail is received by the right party? Does this -- is there a -- even a universal kick back if I mistype an address and get an address that doesn't exist. MS. NIELSON: You should let a vendor answer that, but as a user, I can tell you no. That's the short answer. But this is my personal opinion. If that is a requirement, we need to lay it out to the vendors that this is something that is needed, and I mean, technology in my opinion can do almost anything, we just have to tell it what it is that we want it to do. MR. ANDERSON: Sure. MS. NIELSON: But now, to my knowledge, unless somebody else can correct me. MR. ANDERSON: It's not a requirement at this point, but it's a problem, because if I furnish my email address to somebody to send me notices and I make a mistake or a year passes and I change my account, if I've lost that information, that's a difficulty. MS. NIELSON: That's correct. The same thing as moving, when you're getting regular mail, you have to take some action. MR. ANDERSON: But as Margot noted, the system exists to handle that one, I'm not sure the system -- that's what I'm trying to figure out, does that system exist in the e-world. MS. GOBATS: I'm jumping up and down over here. MS. NIELSON: I'm sorry. MS. GOBATS: We do have a very robust bounce process that we offer to our clients, and there are other robust bounce processes. Yes, you're at the mercy of the ISP to get it bounced back, and it isn't 100 percent, but we do have one, and based on the preference of the compliance people within each of the clients, you get a number of bounces and then you revert it back to paper immediately. The second thing is about the emails changing. There are a few. Maybe not several, but at least a few organizations who are talking to the U.S. Post Office about a universal electronic address that is for your important kinds of things, like a registered email, that never changes, no matter if you change your ISP or not. So, there are a lot of people who are working toward solving those problems. And then the last thing is that even if they lose -- if you lose them, through bounced email or they move or they suddenly don't have enough money to pay the Internet service provider, keep in mind that the financial organizations are always talking to those clients, in all the other mediums, phone, mail, trust me, the mail is not going to stop coming to you if you get your documents, your client's documents electronically. So, you can use any one of the methods of communicating with the firm and the firm with you, regardless of your ability to continue to get electronic deliveries. MS. NIELSON: Okay. Marianne? MS. SCHWANKE: I have a couple of questions, but they're brief, I think. I just wanted to follow up with each of the organizations that demonstrated technology to make sure I understand how that particular technology actually can be employed to get consent in the way that ESIGN requires. So, if I could just ask -- well, I'll follow up with Virginia first. Is both the consent process and the information that's provided electronically both via a secure website? When the consumer is initially asked for their consent. MS. GOBATS: Let me separate it here. The consent process is at a secure website, because you have to already be a customer to get in and whatever. The delivery is of an email, and that is not in a secure site, but the hyperlink to look at the information is a hyperlink to a secure site that has a firewall and that you need to have your PIN to get into. MS. SCHWANKE: So the email delivers a notification that the electronic information is at a secure website. MS. GOBATS: Available. MS. SCHWANKE: The actual if you're required to provide a certain piece of information in writing, that information is provided electronically on the website, but you get a notice by email that says you have to go to this website to get the information? MS. GOBATS: But a secure site, with all of the appropriate firewalls and all of that we are accustomed to seeing now when you look at confidential personal information. MS. SCHWANKE: And then initially you consent to receiving that information by being at that secure website. I'm just trying to connect the consent and the information you're getting. MS. GOBATS: You consent to be notified that the information is available to you. Now the information could be available to you, that link could be to a website where you get impersonal information, like product information, annual report prospectus, whatever, that might be right on the website in PDF 4. Or if it's your investor statement, you will definitely be sent to a secure site with all the firewall protections in which you have to uniquely identify yourself before you can get at your personal information. MS. SCHWANKE: And you've already been at that website initially to consent? THE WITNESS: But that's not -- yes, you've already been there to consent, yes. MS. SCHWANKE: Okay. Can I just ask the same question of iLumin. Is the consent process and the information both provided via a website? DR. BROWN: Yes. MS. SCHWANKE: Okay, so you've been to the website, you consent, you're already using clicking on the website, and that is also the same format that the information that you are going to be receiving, that ordinarily you would be required to get it in writing, is also on the website? DR. BROWN: Yes. MS. SCHWANKE: And then the same question really for Selwood, I think I understand that Selwood's process is a little bit different, you get an email message that can suggest that you actually call and give your consent orally, then how is the information that you're receiving electronically provided to you and how by making a phone call do you consent in a way that shows that you can access that information? MR. SMITHIES: This is Christopher Smithies of Selwood Research. The information can be delivered to you in any way, in any electronic means -- by any electronic means. Your response will demonstrate your receipt, because you are given as part of that communication the instruction to respond to indicate that you have a particular attitude with regard to that communication. In this case, for example, that you consent, and that you are asked to provide a unique number to identify precisely in respect of what you are consenting. In other words, to identify the solicitation that you received. So, without knowing -- you wouldn't know that unique number unless you had been able to read and understand that solicitation. So, by virtue of that fact, it's clear that you are reacting to having not only opened, but understood that communication. And you are now being asked to say in language, that you consent. MS. SCHWANKE: So, you get a solicitation, say, for example, by email, and it has a number in it to call and also some kind of code or code number, and you call and you orally say I consent to receive the information electronically and I provide this number. MR. SMITHIES: Yes. MS. SCHWANKE: Then how is the information that you're consenting to receive electronically delivered to you? MR. SMITHIES: It's delivered along in the same -- in the same message as the solicitation to respond to it, they're both in the same communication. MS. SCHWANKE: In the same format? MR. SMITHIES: In the same format. MS. SCHWANKE: Okay, so if you received an email, then the information that you're consenting to receive electronically is also sent to you by email? MR. SMITHIES: Yes. As it were, you could have paragraph 1 that could be, for example, some kind of notice, and paragraph 2, just in the same essential format as paragraph 1, could say and now would you please indicate that you understand and accept this by now telephoning this number, keying in this unique number, and reciting the following words. So, there would be just two sections of one and the same document. MS. SCHWANKE: And then is there a situation where you might on an ongoing basis receive electronic information, and if so, in what format would that come? MR. SMITHIES: Paragraph 1 might say something to the effect if you're being asked to consent to receiving messages like this one, for the next two years, if you agree to this, please follow the steps below. Below then would be the steps. So, you're being asked to positively respond. MS. SCHWANKE: Thank you. MS. NIELSON: Christopher, did you want to make a comment? MR. SMITHIES: Yes, thank you. MS. NIELSON: I think that's going to have to be our closing comments except for mine. MR. SMITHIES: I would be very interested to hear certain examples of how consumers are protected by being asked to consent. And also I think it's very useful to consider examples where consumers might be benefited by the kinds of provisions that have been made to protect them by the ESIGN legislation. I want -- I think it would be very constructive to concentrate on just what sort of consumer is helped and what sort of potential abuse would be cured by certain approaches, and I think that we need to perhaps even stand back from the technological issue, because I think once we have got a mean -- once we have got our aims and ideals in place, there will always be some technology designed to comply with that. It seems to me that just for example, that if I were a very impressionable and easily persuaded person, and I have a pressure salesman telling me to press this button, press this button now, put that card in, just type this 12-digit number, and I say yes, I will do all that, but what am I doing here, what's happening? And he says thank you, that's all right, you can go now, I could go out of his showroom with my head spinning and probably have complied with the consumer consent provisions of ESIGN, but whether I as a slightly confused consumer have been helped by them, I don't know. Possibly, you know, a lot of barrages of legal notices which I have to click to say I understand may actually not materially help the very consumers that it's designed to help. That is just an issue that I might raise. And it might also be useful to contemplate, you know, if I have, in fact, gone through such a procedure, what has been reasonably demonstrated thereby? MS. NIELSON: I appreciate your comments, because it's a lead-in to the next panel session, in our opinion, this is where we will talk about the benefits and the burdens. Also, I want to encourage you to attend the technical demos in Room 532. We have more from all of our colleagues on the panel, and some additional ones, so please go down there, ask your specific questions. Thank you all for your participation. I think this has been a very interesting and informative discussion. If you have additional comments and concerns and questions, I think you can still get them to us for incorporation in the workshop record. Thank you very much. (Whereupon, at 12:00 p.m., a lunch recess was taken.) AFTERNOON SESSION (1:06 p.m.) MS. SMITH: Hi, can we get started? Is everybody ready to start the new panel? I hope everybody had a good lunch and they're all fired up to start again. My name is Kathy Smith, I'm the chief counsel at NTIA, and the first thing I would like to do is thank you all again for your willingness to participate in this public workshop. We enjoyed reading your comments. I listened this morning to the audiocast of the early morning panels and I have to say it appeared that we got a lot of useful information and I hope that the same thing happens this afternoon. Just to begin so that we can start some ground rules to set the stage, as I understand it, the protocol for how we gain responses this morning is if you want to comment on a question, put your tent upright, and since I'm not the tallest person in the room, for those of you on my immediate left and right, please use a long arm so that I can see you and recognize you as appropriate. I would genuinely appreciate that. The panel this afternoon is we are loosely calling the benefits and burdens panel. As all of you know, Congress asked us to specifically study the benefits provided to consumers by the electronic consent procedures, any burdens imposed on electronic commerce by those procedures, and whether the benefits outweigh the burdens. Congress also specifically asked us to examine whether there might be any suggested changes to the statute that either the Federal Trade Commission or the Secretary of Commerce could recommend to better the provisions based on what we determine to be the case on these issues. So, with that in mind, I would like to start the panel. I also should note that we had a beautiful set-up at the end of the technology panel by Mr. Smithies from Selwood who actually couldn't have framed the questions any better if he had been on our payroll. So, I would also, if Mr. Smithies is in the room, like to thank him for the beautiful set-up he did for beginning this panel. And on that note, I think I will turn to the first question, which is what are the benefits that the electronic consent procedures provides to consumers, and I will open the floor with that. Yes, please. MS. HILLEBRAND: Gail Hillebrand, Consumers Union. One of the most important benefits of the particular part of the consent provision that's under discussion today is that it's self executing in a way different from most disclosures. Mr. Smithies said, well, do consumers read these disclosures. We know historically that some consumers benefit by reading disclosures, other consumers benefit from disclosures because someone else reads them, a grown child, a neighbor, a friend, an attorney, and other consumers benefit from disclosures when they don't read them, because there's a marketplace restriction on how far you will go if you know that you have to put it in writing and someone might see it. But the consent provision, and particularly the reasonably demonstrate requirement, does something else. It gives lots of flexibility, lots of freedom to businesses to say how to do it, but in the end it has to work. It's a standard more than just did we hand this to you, did you read it. It has to reasonably demonstrate it, it has to work. It has to make it fairly likely that when the consumer gets the next piece, they're going to be able to open it. And it's that self-enforcing feature that I think provides the greatest benefit to consumers. It is, of course, hard to measure benefit because the benefit is in the prevention. It's in the abuses that don't happen, and the harms that don't occur, and it's always difficult to even think about how to quantify those, but one of the key benefits that I see is that the method of consent itself has to show that the consumer will, in fact, be able to use these kinds of documents that will be delivered in this fashion at a later time. MS. SMITH: Actually, I have a follow-up to that as well. I mean, that's one of the things that we've been discussing amongst ourselves is with the provisions only having gone in effect a little less than five months ago at this point, one of the things we noted in the comments, and most of your comments actually reflect it, is there's been very little opportunity to put in practice in some ways many of these provisions. And so one of the things I think would be useful to us as we make these report to Congress is if anyone has any examples, even if it's only anecdotal examples of how these provisions are working, or the benefits that you perceive, we would certainly welcome you putting them in the record today, and/or following up with us, because that is -- quantifying is going to be a particularly daunting task for us, given the amount of time that's elapsed since the provisions became effective. So, if any of you in following up on this question have any concrete examples you can give us, I think we would welcome that as well. MS. WINN: Hello, I'm Jane Winn from SMU Law School. I think one of the benefits in ESIGN is that it at least tacitly recognizes that right now today in the world of Internet commerce, there is a critical shortage of accepted standards and there are serious problems of inneroperability and obsolescence in technology, and that is a major obstacle facing anyone who wants to conduct transactions online. And I think that ESIGN definitely got it right, by saying that that is not the consumer's problem. That if this is a -- this is a problem for which there is today no simple, easy, effective solution, between asking the merchant to deal with those problems, and asking the consumer to deal with those problems, I think the only rational economic choice is to ask the merchant to deal with them. What I would ask is whether or not those are the only relevant players for which that problem could be assigned, that there's a missing third player, which is the technology developers themselves, and the fact that it's a burden that has to either be assigned to the consumer or the merchant, is a function of the way technology is being developed. And the Federal Trade Commission might be able to play a constructive role in promoting the development of responsible standards. In my earlier comment, I mentioned standards, and it become obvious as the topic of standards got passed around that it was six blind men and the elephant kind of thing. I understand that the National Technology Standards Institute is a formal government standard-developing body, but I would argue that in electronic commerce, the need for inneroperability will create de facto standards, and that proprietary software solutions can be de facto standards in the marketplace, whether or not they've ever been recognized by a formal standard-developing body. And so there are a lot of very informal, ad hoc processes that will play a critical role in the evolution of e-commerce that I think need to be part of the central focus here, so that it's not a zero sum game between consumers and merchants. MS. SMITH: I noticed Mr. Gallagher and then Mr. Wells. Would you like to address some of it from the business' perspective on these issues? MR. GALLAGHER: Absolutely. First of all, I'm Paul Gallagher, I'm the President of Fidelity Service Company. Fidelity Service Company is the transfer agent for Fidelity's retail mutual fund business, under which we support currently close to three million households across the United States and roughly 15 million plus customer accounts. So, my job is making sure that we can really turn ESIGN into something that is a benefit to our customers as well as to Fidelity. And I think there's no question that ESIGN has been a benefit overall in bringing some national standards and some legal certainty. One of the big benefits we saw, for example, was in the whole area of retirement planning, we could finally -- previously we were constrained. We operate in 50 states, we had 50 different rules or governing bodies to contend with. ESIGN gave us national certainty that we could operate under one standard, which was uniform, it's technology neutral, and it's very simple and easy for people to use and for businesses to understand. And we have seen, just on that particular point, some very real benefit on the one hand in that retirement account opening, this is the time of the year when people open their retirement accounts, with virtually no advertising from Fidelity, over 26 percent of all of our retirement accounts are now being opened online, due to customer choice, ease of use, simplicity, whereas heretofore they were opening in a paper format, that took anywhere from 10 to 12 days, today it takes basically 10 to 12 minutes in completion. So, that's one part that I do want to stress. We have significant other benefits across the whole range of our business. I think the issue, though, however, specifically today, in terms of consent, we have seen a burden being imposed, because of ESIGN, and particularly the consent provision, and let me just elaborate. We have a situation today where we deal with customers, customers can choose to deal with us, either electronically, they can deal with us face to face in a branch, they can deal us on a phone or they can deal with us in a paper environment. The mix of our business is changing dramatically, more to, at least in our case, more to a web or electronic-based environment, of customer's choice, not ours, although we're certainly not opposed to that, and what we are seeing today, we have situations today where we have customers who walk into our branches, they tell us that they would like to receive their statements and confirms and prospectuses electronically. We basically have to tell them, because of the provisions here, that we cannot set that feature up for them at the time that they are sitting across the desk from us, but they must go home, log on, and re-consent. Now, I think in the intent of what the bill was trying to do, we've lost our way a little bit here, because what we've done is we've now made it effectively harder. And in our practical experience, we have seen a decrease of 5,000 to 10,000 enrollments per month since we put that process in place. So that we were in full compliance with the legislation. So, I think it's a point that, as we would look at it, if customers choose to deal with us electronically, and again, I emphasize choice, that, you know, clearly if they can interact and go onto our website and go through our account opening process, et cetera, they have the ability to interact with us, in that mode. If they choose interact with us in paper, that's fine, or face to face as well. I would also highlight that they have the opportunity, just based on some of the discussions earlier this morning, at any time that they would like to change back to paper, that is clearly in their right. That is a phone call away, or if they -- again, if they so choose, a written letter away, to change back. So, I think in summary, our -- I think, you know, legislation is still in its early days, I think one of the commentators earlier this morning said, I think there are some hurdles. I think we are working through that as an industry and as an overall organization, a series of organizations, but I do think we do have to seriously look as to whether or not the consent piece really is in effect becoming more of a hurdle than really a benefit to consumers at the end of the day. Because at least in our case, we're seeing a decline in the enrollment, at least on the delivery side. MS. SMITH: Mr. Wells? MR. WELLS: Hi, yes, Tom Wells with b4bpartner. I echo Paul's comments in that the required consent, I do not believe applies to, although it applies to all organizations, I think honorable organizations that are concerned about their brand value, would have gone through a similar process anyway, because it would have been best industry practice to make sure that the consumer can view the type of document being sent to the consumer. But as to the specific question of the benefits for a consumer affirmatively consenting to receiving records, I see a benefit on the institution side, because it takes a little of the fear off of how is this -- how does this operate, how do I go about employing something like this. And I think as you eliminate fear, you're going to have a greater adoption rate on the institution side, and when you have a greater adoption rate on the institution side, then consumers will come along. Not everybody is like Fidelity which is an innovator or E*Trade that takes an active role in it. The second thing is that Elizabeth mentioned earlier this morning about the mailbox rule, and there are numerous rules in the physical world to handle delivery. We lack those rules electronically, and I think that earlier Keith Anderson asked about email returning and things like that. It would be good for the FTC in its report to Congress to propose, perhaps, some delivery mechanisms, some security procedures for the delivery of documents, things like that, so that we don't get a disparate systems that Jane's so concerned about different proprietary software. And since these rules in the mail world were developed years and years and we may not have years and years to develop those types of rules, it would be nice to accelerate that learning curve with some rules from government earlier. MS. SMITH: Would you like to address that, Ms. Saunders, or Mr. MacCarthy? MS. SAUNDERS: Which one? MS. SMITH: I couldn't tell who wanted to respond specifically to the point that was just made, but if you want to respond to the question as a whole, go ahead, and then Mr. MacCarthy. MS. SAUNDERS: Thank you. I would like to respond secondly to the question as a whole and firstly to Paul, from Fidelity. I think the problem with the bill is that it is a one-size-fits-all consumer consent language, and as we were moving through the process, many of us were quite willing to devise separate rules for securities investments because we don't see the same kinds of problems in those areas as -- or we couldn't anticipate those as we do with other types of businesses. So, you got stuck with rules designed to protect from -- protect consumers from activities that we don't -- I'm sure someone can think up a problem that we could use this consent to protect from in your industry, but we don't know yet what it is. MR. GALLAGHER: Right. MS. SAUNDERS: But it's clear -- but I would argue that even in your situation, when the consumer is sitting at home, and consenting online, you're not having any problem. When the consumer walks into the branch, and wants to set up the email -- the electronic -- MR. GALLAGHER: Electronic delivery. MS. SAUNDERS: It's one extra step. You can set it all up, it just it's not finally confirmed until the consumer either accesses the website or electronically, but everything else can be done. I mean, that is exactly why the language in the bill was added, consents electronically or confirms consent electronically. So, everything else can be accomplished at your store. Or at your store front. So, I really don't think that there is that much burden, but obviously the burden to you is different than the burden to me. Do I need to repeat for the benefit of this panel all of the benefits that I have articulated previously, or can I just ask that they be read into the record appropriately? MS. SMITH: Do you mean in terms of your earlier comments this morning? MS. SAUNDERS: Yes. MS. SMITH: Trust me, we have a transcript, among other things, and we have your comments. MS. SAUNDERS: Thank you. MS. SMITH: Mr. MacCarthy? MR. MacCARTHY: It's Mark MacCarthy from Visa. I wanted to first of all associate myself with Paul's comments on the -- from our perception at least, the necessity of having that extra step for consent is open to question. So, we -- if we were to solve that problem, you know, we would look forward to a change in the -- in the legislation that would just, you know, eliminate that particular requirement, but let me get back to some of the other discussions that have gone on, you know, how you comply with this, and different ways of doing it. One of the big features of the legislation that we liked was the fact that it provided for flexibility, and alternative ways of complying with the requirements. So, you know, words like, you know, standards, you know, sort of make my body sense go off a little bit, and I think what really is going on here. You know, whether in the marketplace, you know, a kind of open standard develops, or whether a proprietary standard sort of wins the battle for the marketplace, is really something that the marketplace is going to have to determine, and I'm a little nervous that we may be moving in this discussion towards the idea that the Federal Trade Commission or the Congress or some other regulatory body should sort of push the market towards one of those outcomes or the other. We like the way the standard got set up as technologically neutral. If the marketplace pushes us towards a, you know, uniform standard for everyone to use that's an open platform where providers can compete for that open platform, so be it, but I'm a little nervous that the government may be thinking in response to some of these comments that it has a legitimate role to move the marketplace in that direction. Again, flexibility is good, we like the way of doing it. The way the system is set up now, if the consumer and the merchant don't agree on a particular format, there isn't the disclosure, and so we think the problem in effect gets solved because it doesn't mismatch there, you don't have a disclosure and the legislation is clear about that. You don't have to prescribe in a regulatory fashion a uniform standard for everyone to use. MS. SMITH: And just to follow up, obviously one of the benefits that was identified, not necessarily -- I mean obviously as a part of comments as well, was the possibility, and I believe Mr. Wells alluded to it in particular, just a moment ago, of greater consumer confidence that might be derived from this notion that having this procedure somehow or another makes people more comfortable that, in fact, they're conducting a transaction that they fully understand or will get the right information that they need in the future to understand how things are working. And certainly there were some earlier comments in the technology panel that alluded to that. I have a question, does -- are there other instances like that, other than greater consumer confidence? Does somehow or other these provisions have benefits outside of the obvious consumer protection benefits? Can anyone point to us and say maybe there will be more online purchases, or people will get this greater confidence as a result of which somehow or other there will be a greater benefit for electronic commerce overall? Has anybody had any experience with anything like that so that once people get confident in their ability to conduct transactions online, that it spreads out into other areas in which they would demonstrate a greater ability or willingness to conduct other transactions online? Go ahead. MS. HILLEBRAND: I think there's a benefit that may develop over time, which is the reasonable demonstration requirement is going to require people as they design their systems to design something that works over a broad range over the installed base. I don't want to ask how many people in this room still have Windows95 running in their house, but I confess, we have it running in our house, it works fine, on the days when it's running. And what this means is particularly if we do have an economic slowdown, people will have their old machines in place for a longer time, businesses that want to acquire consent from a large number of consumers will have to design backwards to old platforms, to some extent, and as they do that, we will have less of a situation where the consumer goes on and gets part way through the transaction and gets dumped out because they don't support job outlets, they've got some other lower text system, and the incentive of the statute provides to design against not the best technology, not what we have all in our offices, but what people actually have in their homes will have some additional spillover benefit in terms of making e-commerce more available to people. I wanted to comment also on the fall-off number that was given by Fidelity, because it's troubling. When you hear a number of that sort, and I would just stop and say we probably don't know why those consumers fell off. Some of them may have fallen off because the process was hard to use, but they may have fallen off, because when you're sitting in the salesperson's office -- I come from California, this is our experience -- no one wants to admit that they're not illiterate. No one wants to say well, I don't feel really good about getting that stuff on computer. You say sure, here's my email address. And then when you go home you're sitting there all alone on your screen, it's a little harder to get on than you thought, you have to wait in line behind three teenagers to get online, there are other practical barriers that people have. Maybe your printer, you realize how seldom your home printer works with the net, and you decide you just don't want to. So we don't know what number of those people changed their minds at the point of electronic confirmation experienced a barrier, and which number of them were educated about the difficulties in their own set-ups and decided that they weren't ready for it yet. MS. SMITH: Mr. Dayanim? MR. DAYANIM: Yes, thanks. Well, to address the question that you posed about other benefits. I think that businesses would have taken into account the concerns, Gail, you raised, regardless of whether or not the consent provisions would have been there. The good businesses would, the reputable businesses, because that's what they need to do to make themselves consumer friendly or user friendly, but what I do think that the consent provisions accomplish from a business perspective, however imperfectly, is they do give some additional assurance to the business that if it follows the procedures that are set forth in the act, that what they do will be effective. And I think in the absence of the consent provisions, there may be some question about that. In other words, if there were no ESIGN at all, that would be one extreme, where you would have no confidence that the transaction itself would be recognized as valid. If there were no provision at all for consent, then you could argue there might be a concern on the part of the business as to whether or not they obtained valid consent to effectuate the transaction where there was consent under the existing law. So, I guess that's a benefit that you could say the consent provisions provide. I do want to pick up on a point that has been circulating around in connection with that, and that is that the reason that you have that benefit is that because what Congress tried to do was set a goal. They said this is the goal we want you to meet, and they didn't say -- they didn't direct business as to how it should get there. And although that leads to heartburn sometimes on the part of some businesses because they're worried, you know, they want to -- they want to lower their risk profile and so they want to take as conservative a course as possible, and conversely it leads to glee on the part of private attorneys who get looked to for advice, the companies know how to comply. I think it's the right approach because the alternative is to set a standard, and when you start setting standards, among the many problems of setting standards is that in this area, technology evolves so rapidly that you end up fixing something in place, it really doesn't accomplish what you want and there might be alternatives that might even be better than that, but come down a road a month from now or a year from now, and you can't thereby accommodate. And I think that -- the last point I'll make is that a lot of the pressure or a lot of the concern or support for standards that you hear today really doesn't rise from ESIGN, it really rises from this whole concept of delivery. Because delivery is really a very different animal than ESIGN, because when you're talking about delivery, you're talking about whether or not the person with whom you're doing business even knows that the document or the notice of disclosure exists. It's really a different problem of whether they can read it once it's there. And there really are distinct issues, and as already has been pointed repeatedly, in this morning Margot made the point as well, he's not attempting to grapple with the delivery issue. And there very well may be a rule for the FTC or for trade associations or for Congress to address delivery problem, both technologically, as Professor Winn points out, in terms of the way the Internet is structured and the standards that are developing, and also legally, but I don't think it's in the context of ESIGN. MS. SMITH: Well, interestingly enough, I will make a plug for the other study that the Commerce Department has to do and that is is that Congress has us examining this very issue in some ways and also making recommendations to Commerce, and that is the effectiveness of electronic delivery of documents versus traditional, more traditional delivery of documents in a paper world. So, in fact, there is some attempt, at least Congress recognized that this -- that that particular issue, and has us grappling with that as well to make recommendations to Congress. So, I believe comments, we actually put out a notice on that and had comments come in just yesterday; however, I will plug again to the extent anybody after this public workshop is interested, please feel free to continue to provide us with information, because that is an issue, again, that Congress obviously was cognizant of and wanted us to work on. Now I would like to recognize Mr. Anderson and then Mr. Gallagher, believe it or not, we have from the peanut gallery a question for you, so I just thought I would let the anticipation build. MR. GALLAGHER: Oh, boy. MR. ANDERSON: Well, I'm going to throw a question to Mr. Gallagher, too. MR. GALLAGHER: Two of them. MR. ANDERSON: But let me preface this by saying I'm always hesitant, my question is going to be why -- you described the necessity of someone who is in an office and says they want electronics to go home and sign on, and I guess what I'm wondering is, why can't you do it a little more simply than that, why can't you send them an email to which they then reply, which would sort of make it -- it seems like it would make it easier, and I'm wondering, since I'm not a big believer in the government knowing better than the private sector how to do things, I'm wondering why that wouldn't work. I also, I guess, while I had the floor had a question for sort of Mr. Wells and Mr. Dayanim. For the people who say that there's a benefit to the consent requirement or to the demonstration requirement in ESIGN, in that it will make consumers more comfortable. If, in fact, engaging in a demonstration will make consumers more comfortable, why should we not anticipate that businesses will voluntarily adopt such a system, why do we need a law to require it? MR. DAYANIM: Should I go first, or Paul, do you want to -- MR. GALLAGHER: I'm happy either way. MS. SMITH: Go for it. MR. GALLAGHER: I think a couple of things, just let me clarify one point. It's not only in the end. Again, our enrollment, you used to be able to come in, get paper, via the phone, under the SEC rules and regulations, or in the branch. And I drive home the point, I just wanted to clarify, I think Gail made the point earlier. The decline is not solely from the branches, we're seeing a fairly substantial decline as I alluded to earlier, and that's coming from all those different channels. Because again, I think what we have, is we have, if you really want to call it the moment of truth, we have a customer on the line, geez, can I get -- I'm inundated with paper, which is a common complaint that we hear, because of all the regulatory notices that we need to send out, et cetera, and we say you can go online. And they say well, can you do that for me. Today, again, at least our interpretation internally with inside counsel is, we must, again, to be in full compliance, and we take a conservative approach on this, we direct the customer to go online themselves, log into our website and then just go in and put down on their preferences and say I want electronic delivery. We had, in fact, on our old applications, up until August or so of last year, you actually could tick off on the paper application that you wanted electronic delivery. And our internal counsel advised us that based on the new law, that we would have to, in fact, go and redirect people. Now, in certain branches we can do that, and some people do it, but I think again, whether it's, you know, kind of a last minute reconsideration of the issue. People are not, at least in our case, not doing that. Now, to contrast that, let me just make one final point. We are seeing just an explosion again in the utilization of all of our web functionality and features. Today, now roughly a quarter or 25 percent of our accounts are being opened online. That's up from virtually zero, you know, two or three years ago. So, those are meaningful numbers. We're seeing lots of activity in terms of address changes, you know, just day-to-day routine maintenance, et cetera. And we're seeing an increasing number of our customers who have email access and sign up for -- at least give us -- register with us their email address. Now, some of them choose not to use it, some of them do, but I think in general, at least in the population that we serve, and again, it may be different than the broader population, is very computer literate, very happy to do business with us, because the focus that they're after is ease of use. Any time, anywhere, 24 hours a day, they can go online, and do whatever, open an account, move money between, you know, from their account to their son or daughter's account, et cetera, whatever the various things may be. So, we're seeing that demand from our customers. I think that in many ways is one of the major benefits of ESIGN that we've really realized, but I think the consent provision has been a little bit, and again, I come back to the comment earlier, I think it's more of a hurdle than it is a barrier, it's just something we need to work through, because it has been only five months, and I would say, you know, we're at the early stages and at the advance, you know, very much in front of, maybe some of the broader industry or other industries in dealing with some of these issues, but in our particular cases, clients are demanding that from us. MR. ANDERSON: But you have a feeling, I mean your counsel sort of said the consumer needs to go home and initiate it himself, you can't sort of prefeed it. MR. GALLAGHER: We can, again, we can bring people to -- when we have kiosks in our site, I think that would suffice, but again, they'll just have to log on via the web, get into their site. So, we can do that, I think, again, the issue that we see, it's all about, you know, we have people come in and literally, I mean, we have the data, people -- if it takes 15 minutes, what I call the one click view of the world. If it takes too long, click, and they're gone. And we don't want them to be gone, we want them to stay with us. So, I think we lose that kind of sales opportunity, if you will, in the sense of the e-delivery piece alone. Obviously on the other side of our business, we're seeing a very positive impact, an extremely positive impact. MR. WELLS: Really, I'm going to echo the same thing Ben said. One, I think that the rules of requiring consent are a benefit to the business providing the consent, the institutions, for two reasons that Ben already mentioned. One is, if there are no rules, there will be less adoption rate, and the reason there will be less of adoption rate, is because it's difficult to manage risk if there's no minimum rules involved. The second thing is that, again, I go to these rules, I don't think are really going to control the way Fidelity and Visa operate, because they're a best businesses practice standard, they're concerned about brand value, they're all concerned about plaintiffs and lawsuits out there that look to a lack of rules as an opportunity to create a lottery ticket. So -- MR. DAYANIM: Yeah, the only thing I would add, for -- on the first point that you inquired about, without presuming to speak for Fidelity, I think perhaps one of the issues there as well was the way the consent requirement is framed, is that you have to in some way, however that's interpreted, demonstrate that the consumer is able to access the record that will be provided, and since Fidelity has a web model and not an email model, I don't think sending an email to the consumer, it would be very difficult to construct a way for making that satisfied requirement without bringing the consumer back to the site where the disclosures are going to be provided. I think that may be part of the issue there, but that's sort of a Fidelity-specific issue. In response to the question about why have a reasonable demonstration requirement at all, I wasn't suggesting, and I don't want myself being interpreted as having suggested that the reasonable demonstration requirement is necessary to accomplish the goals of achieving business certainty. A rule is. In other words, a consent provision in the statute has the benefit of giving businesses greater certainty, as Tom just mentioned. Whatever the rule is. Now, there are reasons that you would want the rule to have certain components that are separate and apart from that, consumer protection reasons and other reasons, and it just so happens that the rule that was chosen was this reasonable demonstration requirement, and as a result of that, compliance with that requirement gives businesses that certainty, but it could be anything. It could have been simply the hardware/software requirements, and if that were the rule in the statute, that would be provide businesses with certainty, too, because the statute would then say if you've complied with that requirement, then you've satisfied the writing requirement and so that would give you the safe harbor that you get now with the reasonable demonstration. The reason they didn't do that, the Congress didn't do that, is because they were countervailing considerations in addition to just business certainty that were at issue. MS. SMITH: On that note, at one point, I believe Ms. Weinberg wanted to comment, I'm sorry it took me so long to get back around to you, but do you want to jump in here? MS. WEINBERG: Sure. I put my card down because I didn't want to be redundant, but what I have to say is slightly different. First of all, I would echo all of the comments that have previously been made about the benefits to consumers, and the benefits in fighting fraud and having this reasonable demonstration. NACAA is an association for government consumer protection, so our main concern in the universe is fraud. Consistent with that concern, I would say that another benefit that this provision brings is that it levels the playing field for legitimate businesses. The argument has been made several times that the "good businesses," quote unquote, are going to do this automatically. They want to authenticate their customers, they want to make sure that their customers are able to receive the documents because they want an ongoing communication, they want to make sure that it's a comfortable sort of format. On the other hand, regardless of what law is in place, there are certain people who are not going to do anything that even approaches this, and it's sort of the ones that are in between that are more affected by and more drawn into the benefits of this law, because they will see that as more legitimate businesses have to conform with the requirements of this act, they'll say well, okay, it's the cost of doing business, yes, we're going to do this. So, that's another potential benefit to throw into the mix. MS. SMITH: Ms. Harrington? MS. HARRINGTON: Thank you. I have a question for Paul, for -- MR. GALLAGHER: I seem to be a popular guy. MS. HARRINGTON: For other vendors, and for anyone listening out there, and I think that we would appreciate responsive information now or in the future. And here's my question: You suggest that abandonment is some kind of proxy, may be a proxy, for burden, and I'm wondering whether since your company does business by direct mail, by telephone, in person, and online, whether you have any aggregate abandonment data for each of those media, and whether other companies, might, for example, Consumers Union, also on the business side, not on the policy side, does business in several media, and I'm wondering whether you might have any abandonment data, and also whether there's any comparative data that might be available for online abandonment rates for let's say the last, you know, one-month, two-month period compared with the same period a year ago, and I know that that abandonment suggests all sorts of things, but if we are looking at abandonment, maybe as a proxy for burden, it would be just generally useful, I think, to see some aggregate abandonment data, or if anyone knows any here, and could talk about it, I would appreciate that. MR. GALLAGHER: Let me, pleas, maybe respond quickly. We have some very specific data regarding e-delivery, what we call e-delivery, electronic delivery of statements, confirms, et cetera, which we would be happy to share with the Commission. I mean, there is some confidentiality involved here, but we would share it with you, but I can just show, I don't know if anybody can see it, it's unfortunately a relatively small graph. But you can see the decline goes fairly significantly, we kind of peak on the old SEC environment and as we went into with the new practices in the latter part of last year, you see a very steep drop-off. That's, again, when we started to withdraw off of the applications, we stopped accepting telephone consent, paper consents, et cetera. So, we saw, and we see it now peaking up a little bit, which is good news, because I think, again, the people are getting more comfortable with it, but at least in our case, on e-delivery alone, forget general abandonment, because as you rightly point out, there's a whole raft of other issues in there. You have, you know, shoppers, et cetera. But these are our customers, Fidelity customers who are not enrolling, at least not enrolling in the path that we've been used to in terms of percentage of enrollment for e-delivery options, which we believe at least one contributing factor is this requirement for reconsent. There could be others, and I think we're studying that as we speak, but we believe unquestionably we've seen a decrease and we think it is because it is more complex, because it's all about speed and accuracy. And increasingly about speed and accuracy, at least in the business that we are in. So, that's just -- in our case that's a tangible example. I think the broader issue of abandonment, we have, you know, I know broadly the numbers that we have when people come in to open an account, and, again, a lot of them are sometimes just fishing, they're looking at our site, but increasingly, it's not due to a technology issue that's inhibiting them from signing up, it's more they didn't like what they see, they didn't like the pricing, they couldn't find the fund they want, et cetera, et cetera, and off they go. I have some of that data, I don't have it, you know, top of mind, but we could certainly share some of that with you, at least from our perspective we would be happy to do that on a, you know, somewhat confidential basis. MS. SMITH: Mr. Buchman, would you like to contribute to this discussion? MR. BUCHMAN: Yes, hello everyone, I'm John Buchman with E*Trade Bank, we are the country's largest Internet bank, with at last count over 400,000 customers. I would like to perhaps step back just a little bit and make more of a global comment initially, and that's with regard to the legislation and the consumer consent provisions. I think when I'm not working for E*Trade Bank, I moonlight as a banking law professor, and one of the things that I've learned teaching banking law for over 11 years is that both legislators and courts and regulators for that matter are not very good ones to deal in the area of technology. And most of the time they recognize and realize that, but I think what you have here, is a situation where you have a very technology static piece of legislation frozen in time as of last summer. And what we all have to remember is that the Internet, as we know it, has been in existence for only about six years now. And the technology is evolving, and developing very rapidly. And so you have this piece of legislation that has come at a time of the infancy of the Internet, and I think I may be somewhat optimistic, but I think in a number of years, this is going to be a somewhat academic discussion, because the technology will have moved so far beyond where we are now. And I think the technology will render the consent provisions that we now have in the legislation somewhat perhaps quaint and cumbersome. But I can foresee a situation not too far down the road where we have been talking about the specific mechanics of this well, you have to go home and log on or we'll send you an email and get a response back. I can see where we would regard this kind of discussion a few years as requiring an in-store customer, which we don't have, by the way, to put down his or her phone number and then there would be a requirement that the notifier call that number to make sure that they can answer the phone. I mean, it's going to be on that level of why are we making people do this. And I agree with Professor Winn, I think we do have a ways to go to make sure that the technology is compatible with the vast majority of the people's ability to use it. But if people look where we are now and where we were five years ago, we've made incredible strides. I regard for my own business purposes, use of email to be an extremely reliable way of communicating with people, and I find the Internet to be a very great way to conduct business. And so the only unfortunate thing now, I mean I think it's a close call, I really do, as to how you could go on these provisions now, but I think as time goes on, they are going to be rendered more and more technologically obsolete. MS. SMITH: Well, and I don't know that anybody in this room would necessarily disagree with you, but our problem is an immediate problem, and that is what do we do now. I mean, at least from those of us at the Department of Commerce and the agency that writes the Digital Divide report, while it's a very interesting concept as to where the Internet will be three, four, five, six years from now, given it's in its infancy. We're not there yet, and so the question is how do we make these provisions work today, how do we make them work for business, how do we make them work for the consumer and what, if any, recommendations do we have for Congress to make that happen now. So, again, I'm not disagreeing with you about what the future may hold, who knows what's going to happen three or four years from now, but at least the good people from the Economic Statistics Administration and the Census Bureau who helped us collect that data on where we are in the Digital Divide and NTIA, we're not there today. So, on that note, I believe, Mr. Buckley, you have been waiting very patiently for your turn, and so now I recognize you. MR. BUCKLEY: Thank you very much. I think it's very important to recognize that the original Insley Amendment as it passed the House did not contain the must demonstrate electronically, you know, must consent electronically, must get a reasonable demonstration of there ability to use. Those were added in conference committee, behind closed doors, it wasn't an open conference, for that matter, it was done all quietly. And those were provisions that didn't have the benefit of a wide airing as opposed to the remainder of the Insley Amendment which was debated on the floor of the House of Representatives. Those two provisions, I think, are primarily addressing the concern about predators, which Margot has articulated. If you look at legitimate businesses, they have, and I think this is an extremely important point to keep in mind, they have a need to make sure it works as well. They are going to use this -- Fidelity is using this for the purpose of communicating with its customers. If the customers can't use it, there is absolutely no point for any legitimate business to encourage customers to sign up to engage in a futile act and to have Fidelity wasting its time and money dealing with people who don't know how to do this or can't do it. So, these are purely designed to deal with the predator issue. And in that context, we come back to the question which you raised at the beginning of the session this morning, which is in designing systems like this, which can be hurdles, how high a hurdle it is is yet to be determined, but can be hurdles. I don't think they're ultimate barriers, but how high a hurdle should be erect to avoid the problem of predators. That's the question I think we really face here. And, Margot, you're all set to answer. MS. HILLEBRAND: As I am. MS. SMITH: And I was about to say and all of the flags went up at one time. Mr. MacCarthy, I'll let you go first and then we'll do the round, how about that? MR. MacCARTHY: I just had a quick comment on an earlier comment, and it really picks up on Jerry's point about the reason for having the provision in there, the reasonably demonstrate provision, it is designed to catch the bad guys, the predators and so on, and to some degree that is a kind of fraud that, you know, people are worried about when they're trying to protect customers. But there's another kind of fraud that you may think that the provision is directed towards, and that's, you know, does the business really know the identity of the person that they are dealing with. And I think it's important to clarify that the reasonably demonstrate provision really doesn't help solve that business problem. What the provision really does address is, you know, does the person know how to use the equipment, can he receive the information in an appropriate form and all that kind of stuff, but it doesn't verify that the person is who he says he is, and if that's the concern that businesses might have in that area, the reasonably necessary provision really didn't address that problem. MS. SMITH: Ms. Weinberg and then Ms. Saunders and then we'll go to this side of the room, how about that? MS. WEINBERG: It's not just a question of the predators, though, it's also, you know, what we were talking about before in terms of building consumer confidence on the use of the web, a lot of people think oh, yeah, sure, email, that will be easy, I'll take this via email, and then when they go to open the document, they may not be able to open the document, they may not be able to access a website at home that they can access in somebody else's office. Some people may be on Netscape 2 and 3, and you can't get to half the websites if you're using a really old version of some of these browsers, and you may not realize that until you actually go on. And it's also consumers who are just sort of unconcerned and don't think about the implications. It's one thing to say I'll get an email, and it's another thing to say oh, this means I won't be getting paper. And people still like paper. And having that sink in is an entirely different level of awareness, and unless that's sort of in your place that it's a replacement, it's not an addition, that's going to be lost on a lot of people. MS. SMITH: Ms. Saunders? MS. SAUNDERS: I think it bears repeating this point that the test is to accomplish three different purposes. One, that the consumer has access to the Internet, and that probably, that purpose is the one that is most designed to protect against predators, but two, that it -- that the consumer has access to this particular type of software and can actually open these documents. And three, to emphasize to the consumer the importance of getting -- of the importance of agreeing to receiving electronic documents, so that some of that drop-off may be from consumers who realize that they will no longer be getting writings, and they may be uncomfortable with that. I don't know your statistics, I wouldn't presume to say that that's always the reason. But that's the three-pronged reason for the addition to the Insley Amendment in conference, which was of this language. I think we need to remember that everybody in this room, I venture to guess, has access to not one but two email accounts, at home and at work at computers. The majority of the country has no access anywhere, either at school or at work or at home. And we are designing a law that is supposed to work for everyone, forever, or until it's changed. And it's -- we just need to keep in mind that there are not only predators, there are also legitimate businesses, that for legitimate business reasons may want to avoid having the consumer get copy of a notice, the provision of which ten times out of 100 may lead to a lawsuit. And there are some notices that are required by law that when delivered to consumers may lead in a high percentage of time to the initiation of a lawsuit by that consumer. And if the business can avoid the consumer actually receiving the notice, there's a legitimate business reason for the business to avoid it. If they can still satisfy the underlying legal requirement. And that's the type of dynamic that we wanted to avoid creating with ESIGN, or try to address. MS. SMITH: Professor Winn? MS. WINN: There's been some illusions to a problem that in law school we referred to as legislative lock-in, that if you write something into a standard, into a statute, that the marketplace will become locked into that particular provision in the statute, and then if the costs of switching later are too high, we'll just all have to deal with the inefficiencies that result from that. And I wanted to respond to that, that that clearly is a problem, and I think that one of the things that ESIGN consumer consent provisions got right was to take a technology-neutral approach to try and target more the expected outcome in terms of merchant consumer dynamics and not specify a technology architecture. What I thought was interesting was your comment that we have to be focused on the present and that speculating about where the Internet is going in five to ten years is not germane to the information that Congress needs from the FTC today. And I would argue that that may not be the case, that electronic commerce technology is rolled out progressively, and that there are developments taking place right now today that haven't yet been realized in transactions, but that in the fullness of time, will have a definite impact and in all likelihood what the impact will be will be to constrain specific choices that consumers might potentially be able to make, but then will be denied because of a different kind of lock-in, and we could call that kind of a lock-in market failure lock-in, that when competitive markets don't work properly, because people are trying to maximize profits on a quarterly basis, they make extremely short-term decisions, and they ignore long-term complex research problems. This is a very serious problem in the development of the information technology architecture that was described in detail in a book published by the National Research Council called Trust in Cyberspace, it was published in 1999, and it catalogs the different kinds of market failure that the information technology architecture is subject to. So, if there is a risk of market failure and regulators take a hands-off approach and wait and see, there is a real risk to the American public that there will be spectacularly bad outcomes, and I would hold up information privacy as an example of adopting a wait and see approach, and then it's unclear to me that the problem of technology as it's implemented today can be fixed anymore in the United States. I think that the question of whether the American public will have meaningful information privacy rights has already been decided because we have market failure lock-in and the switching costs to implement effective privacy protections will be too high. I would argue we have the same problem with mobile telephony. In the European union, people have cell phones that are cheaper than ours, that have better service than ours, and that's because they have open public standards. In this country, we have crappy cell phone service and we pay a lot for it, and I don't see that there's any likelihood that that's going to change. So, what we're discussing here is the electronic contracting interface, and I think that it's true that there's a real problem of legislative lock-in, if government regulators start trying to pick and choose among technological standards. God knows, I've written tons of articles saying that legislation should not refer to public key infrastructure in digital signatures for precisely that reason. So, I understand that's an issue. What I would suggest as a strategy is the gentleman, Mr. Wells, and Mr. Dayanim pointed out that reputable legitimate merchants are benefited by having a baseline established. In what terms should that baseline be established? Who about descriptions of outcomes that are acceptable and unacceptable in the most general terms plausible in light of the technology. And if that sounds unrealistic, I would say that's what the SEC did in its '95 and '96 electronic media releases. It provided dozens and dozens of concrete examples of ways of using electronic communications technology that were acceptable or unacceptable to regulators. And that provides enough information for technology developers so that they can agree on a common framework or baseline that's conducive to fair, efficient, reasonable consumer transactions. MS. SMITH: I just want to clarify something. I'm not suggesting that what may happen four or five years from now isn't germane, I was being much more practical than that. June of this year, we are going to be reporting to Congress, okay, and so on what has happened basically in the last -- at that point, maybe seven months, backing out the printing time, okay, of any report, and so what I was suggesting was that we have a very real practical problem from the institutional standpoint at the Federal Trade Commission and the Department of Commerce in that with a very limited amount of information and a limited amount of time in which to study this issue, we have to study the issue, present our findings to Congress and make recommendations, if any, that we have on the current issue. Not that forward thinking isn't a wonderful exercise, but we have actually a very practical issue in terms of what we are trying to accomplish today, not what we're trying to accomplish or what the fundamental missions of the Federal Trade Commission and the Department of Commerce are in this area overall. So, that was the only thing I meant in terms of we've got a practical issue today that we're trying to address and not suggesting that the overarching issues aren't important ones that don't have a future potential to them. I'm sorry, Ms. Hillebrand? MS. HILLEBRAND: I wanted to disagree with John, Jerry, and Margot, in slightly different places. I wanted to disagree fairly strongly, John, with your characterization that the ESIGN consent requirement is a static requirement. It's an existing requirement, but it's a flexible requirement, and we heard that this morning when people said we're glad Congress didn't tell us how to do it, just that it has to reasonably demonstrate. That means, I think, that in five years, if the Internet, quote, "grows up," sometimes I think it will still be an unruly teenager in five years. There will be a different set of problems, but we'll still need to get to that same result of reasonable demonstration. So, I would disagree that that's a static test. I would also want to disagree that this law is just for predators. I think that the -- make sure you can get online at least once, and I'm sorry if I'm overcharacterizing this. MR. BUCKLEY: I didn't say the law was just for predators. MS. HILLEBRAND: Well -- MR. BUCKLEY: I said these two provisions within the consent provision. MS. HILLEBRAND: But we see these two provisions as the guts of the consumer protection in the advent, and so it's hard for me to separate the two, I appreciate the clarification. This law protects something else, and I think some of you have heard Margot say something that she didn't say, and that's why I want to disagree with her slightly. It protects not just those who cant' get online, but those for whom online delivery of legally required notices is not their preferred method of delivery. It protects customer choice. And when you have customer choice, you have a marketplace incentive that is not otherwise there to induce the customer, to set it up so that it's easy for the consumer so that if the customer wants to do it, to talk about it in a marketing way, not just in a lawyer way. Remember, 101 deals with legally required notices. These notices are not always information that the business wants to put front and center to their consumers, and if you have any doubt about that, compare the last marketing flyer you got from your bank with your checking account terms and conditions. They're written in very different language, they're presented very differently, one is designed to catch your attention, and one is designed to put you to sleep. Or it's just not well designed and therefore it puts you to sleep. So, consumers who -- it's not just consumers who are not digitally literate who might make a rational choice to stay off the net for -- or stay out of the electronic delivery of legally required disclosures. In households where there are shared responsibilities, it might be easier to have a file that people can just look at. Some people are social users of email, they might use it to communicate with relatives but would feel obligated to check it every day the way we check our mailboxes every day, if they're going to get business notices. People who have been exposed to identity theft might make a very rational choice that they just want to limit the amount of information about them that is stored in a variety of different databases, and might think that agreeing to receive information electronically is also going to mean it will be stored more widely and for a longer period of time. And I think that's it. Thank you. MS. SMITH: Thank you. I noticed -- well, actually we have one other question from the gallery, it says, have the agencies considered asking Congress to extend the report date by sufficient time to allow a better, more thorough, assessment? That's an interesting question, that would actually take a change in the law, it's a statutorily mandated date, and for us to actually seek an amendment to the ESIGN probably would give about two-thirds of the people in this room a heart attack if we tried to re-open ESIGN, the other third of you we would just hospitalize for a short period of time. So, I would probably be able to say with a fair degree of comfort that the Department of Commerce at currently has not asked to extend the deadline and I would leave it up to Marianne and Eileen to let me know whether or not they've had that wild hair and felt compelled to go out on that limb. And they're shaking their head. They don't even want to go out orally, they're just shaking their heads no. So, on that note, I also note I didn't ask the question I had gotten earlier, we got kind of carried away by the tide, but Mr. Gallagher, if you're ready to be back in the spotlight again. MR. GALLAGHER: Absolutely. MS. SMITH: There was a question from the audience, is there any legal requirement that Fidelity provide statements to its customers, quote, "in writing?" If not, why would the consumer consent provisions apply? I think that's a pretty easy question for you, so -- MR. GALLAGHER: I think everybody knows the -- well, hopefully everybody knows the answer, yes, of course there's a requirement, an SEC requirement that we provide statements. A brokerage basically every month, mutual funds at least quarterly, depending on the level of activity. So, that's why we do it. Other than that, it's good business practice as well. MS. SMITH: Mr. Buchman, you wanted to make some comment? MR. BUCHMAN: Well, I was going to talk about three points that I thought were important to make, in terms of how I thought the issue could best be addressed at present. I think I am troubled by the requirement for the consent being electronic for a variety of reasons, but I think the way you really go at this is to make sure that you have the informed consent of the consumer, and I think the way you do that is through the disclosures that you're required to provide. And I think there is a need to give some serious thought to what kind of disclosure should be provided. But, for example, if we came up with a shimmer box kind of disclosure that said do you have or have access to a computer, do you have an email address, are you able to receive files in Adobe, are you able to go on the Internet. If a person -- and a number of our accounts are opened through the mail, through a newspaper and other ads, if a person puts all of that down and says yes, and then I hereby consent to receiving my bank statements electronically, by the way, most of our customers do not. I mean, the banking environment is somewhat different from the securities environment. I prefer to receive a monthly piece of paper, for example. My little confession. MR. GALLAGHER: You heard it first here. MR. BUCHMAN: But I do trade online, so -- but if someone has done -- taken all of those steps, and the disclosures are very clear in that regard, why should we really have to go through the extra step of the consent being electronic and the reasonable demonstration? I think we have to take -- at some point we have to give consumers a little credit here, and if they tell us all these things, we should actually believe them. And so we -- that's sort of the E*Trade approach, we, you know, we give the -- we want to empower our customers. Also, I think a much better approach is the market in existing laws as opposed to the consumer consent provisions that are in the statute as now drafted. What do I mean by the market? Well, I think we have established that there are the one-shot black hats and then there are the other entities such as financial services companies that have ongoing customer relationships. We don't want to violate our customers' trust. We want to do what the customers want. We don't want to pigeon hole all of our customers into receiving electronic statements if, in fact, they don't want to. They'll just leave, they'll either go to a brick and mortar bank or they'll go to another Internet bank that gives them the paper option. So, we have no incentive whatsoever to steer customers in a direction that they don't want to go. We want to give the customers complete choice in terms of how they communicate with us and how we communicate with them. And it's a two-way street. So, I would say trust the market. I know that's a novel thought in some parts, but I would say trust the market for the vast majority of entities who are dealing online who have financial and many other incentives to treat the customer right. And the third thing I would say is look to existing laws. I looked at a number of the comment letters by the consumer groups, and it seemed to me that just about all of their hypotheticals were situations that could be more than adequately addressed either with existing antifraud statutes, or unfair trade practices statutes. And query whether you really need this additional layer of law to get at this problem when there are other statutes that would more than adequately foot the bill. Also, rely on the fact that we as financial institutions have legal requirements to make disclosures to our customers. The onus is already on us to comply with the law. So, the onus is also on us to come up with the solutions that make most sense to our business models that are reasonably designed so that we can say with a high degree of certainty, yes, we did comply with the law, because I think as a number of people have noted, there is a real risk if disclosures aren't received, that we could be facing class action liability. So, trust these other mechanisms to make sure that the consumer consent is an informed consent, and that they know what they're getting into when they agree to receive information electronically. MR. DAYANIM: Thanks. I want to respond in a way to what John Buchman is suggesting, and I do this somewhat hesitantly. But I'll do it nonetheless. I think that part of the reason that we have these divergent views is that in some sense, when representatives of an industry go up on the Hill and talk about, you know, what the law should contain, we're really talking about a different -- well, let me back up. The way in which the world is structured is not simply broken down by the view points represented here. In other words, it's not just, you know, it's not just a situation where you have heavily regulated institutions like financial institutions that are reputable members of the business community and that have representatives on the Hill and it functions like this, and it's not just that you have predators, you know, where the National Consumer Law Center are going after every day, or the Federal Trade Commission for that matter. What you really -- you know, there's a whole mass of businesses in the middle that, for example, some of them I advise that are small businesses and emerging businesses, medium-sized businesses, maybe not in heavily regulated industries. And for those companies, the absence of a requirement, again, setting aside what the content of the requirement is, presents an opportunity to take the path of least resistance. And I know speaking as counsel to those companies, it is good for me to be able in some instances, and I don't want this to be overinterpreted, to be able to say you can't do it that way because the law actually says you have to do it this way. Because if I didn't say that, they wouldn't do what would be the best practice that E*Trade Bank would do, but at Fidelity, they would do something else, and they're not predators, they're just businesses that, you know, have slim profit margins and that are hoping to get by, you know, below the radar screen. And so, for example, to take the example, John, that you mentioned of an alternative to reasonable demonstration, that I actually think would not be sufficient, which would be simply checking off saying do you have Internet access, do you have an email address, do you have PDF, the problem with that if you don't also present an opportunity to test that, which one way to do that is requiring the consent to be electronic, there may be others, is that, yeah, PDF is a fairly easy question. I mean, I think most people you can assume have -- and maybe some people are different, but I think most people you could assume would understand the question and be able to answer it intelligently. But that's because E*Trade Bank would choose to use a format like PDF, that is widely available. But if I'm, you know, business X, and I'm not predators, but I'm also not looking to present awards for best practices in the industry, and there is a software product out on the market that's regional, maybe, it's not so large, but it works, you've never heard of it, and I say do you have the ability to access, you know, product X. You may not really know how to answer that question, so the answer would mean maybe then you'll just say no and then you won't have a problem. That may be. But then you could go even further and say well the question might be, product X, and people may have heard of product X in this hypothetical, version 3.0. And there the person really may not know, they may think they know, they may not know, and you may not really be interested in clarifying it for them, because you're only providing the disclosure because you're obligated to. So, I don't think -- I think that you do have to pair the information with the opportunity to test the information. I don't think you actually have to show that the person did test it, I think that would be going too far, but I do think you have to have some pairing of opportunity, because otherwise you open yourself up to abuse, not by creditors, and not by the top -- the cream of the crop, but sort of the vast unwashed middle. MS. SMITH: And actually, I know you want to speak, but we're actually heading into sort the next realm of inquiry, that was a beautiful lead-in, and actually, I think -- and I would ask you to address it as well, Mr. Buckley, as well as giving us your comments, in the absence of the provision, it seems, which creates sort of a safe harbor in some ways for businesses who wouldn't otherwise probably go out and try to figure it all out themselves, it also probably creates a best practices situation without them actually having to develop it. At the same time, you're suggesting there could be some harm in the absence of the provision, and that kind of leads us into this notion that -- and one of the principal things we're having to deal with this inquiry is do the benefits outweigh the burdens. You sort of conducted some of that exercise for us, in the way that you just addressed that question, but I would ask all of the panelists to turn their attention to that very issue. Do the benefits outweigh the burdens, and how you would come down on that, and basically what your reasoning would be. I mean, let's -- let's use as a given for all of us as a standard that there are some benefits to the provision, and that there are some burdens that accompany the provision, but please let me know where you come down on that side of the issue and why. And Mr. Buckley, since you're the brave soul with your name up. MR. BUCKLEY: Thank you. I think the comment that I was going to make leads into your answer, at least partially answers your question, and then I would like to add more. Margot made the point, which I can't agree with, that in maybe ten out of 100 cases, for legitimate business reasons, people do not want consumers to retain their disclosures. And therefore they might adopt this medium as the medium that they would communicate with, so that the person cannot keep their disclosures. Now, I think that -- if you look at the experience with a consumer, and you have a legitimate business, the legitimate business is going to want to conduct business electronically, not just deliver the required disclosures electronically. So, if you ran into a situation, in my opinion, where the sole purpose of entering into the relationship was to deliver disclosures electronically and you had no intention of doing any other business with the consumer, otherwise contracting with the consumer, sending them bills, sending them statements, doing all the rest of it, if you simply had that one purpose, you would be somewhat suspect as to what your motivation was, and the questions of fraud that are -- and there are plenty of fraud statutes that deal in unfair and deceptive practices statutes, those and yours at the state level, that can deal with situations like that. So, I think you're talking about setting up a straw man when you say people are only going to use it for the purpose of deceiving people and not letting them keep the disclosures that they need. The second issue is the burden, and I think that the burden, I've mentioned the fact that these provisions were added quietly and without a lot of debate, negotiated by staff and presented to Senators. I don't think that it was -- I don't think they were thought through as well as the other core provisions of the consumer disclosures that are required, and that were part of the House legislation. And the result is that at is not clear exactly what has to be done. The beauty of having a set of rules laid out in the statute is it gives business confidence that if they follow those rules, they will know that they have no problem. These provisions, particularly the reasonable demonstration provision, have enough uncertainty associated with them that they cause businesses to pause and ask are we inviting class action litigation by doing it in a way which we believe is legitimate, but which someone else may find not to be. So, there's in addition to the burden of having, you know, Mr. Gallagher's customers disappear because they don't want to do back and after having dealt with the person go back and go through the whole confirmation process, there is also the burden of uncertainty that's created by the way in which the reasonable demonstration test is worded, and I think that will slow up the process. We have -- I know that there are people who are not going to participate because they have the doubt about that. So, that is an issue. MS. SMITH: Any other comments? I guess I should have, as Larry gently reminded me, I guess I shouldn't have made it an either/or choice, do the benefits outweigh the burdens, or is it -- I guess I should have asked the question or is it really too early to tell. If people had an opportunity to really make that assessment in their own businesses or what they see going on in the marketplace. So, I guess I should have been a little more open-ended on that, and so would ask you to consider that as well when you give us your answer on that point. Ms. Saunders? MS. SAUNDERS: I want to address several points which have been made. One is the disclosure only, why is disclosure only not sufficient. There's several examples in current law where a disclosure is meant by itself to protect consumers. And I'll detail them and explain why that doesn't work. One is arbitration clauses, consumers are seeing mandatory arbitration closes hidden in the back of contracts all the time, and then when they end up with some dispute with the creditor, generally, or the other business, they are forced to -- into arbitration rather than being able to go to court. The effect of that, sometimes, is that they are not able -- and if their home is being foreclosed upon, to even raise as a defense the violations of the consumer laws as a defense to foreclosure. The other and the more real reason why -- the actual reason why these consumer arbitration clauses have been stuck in the contracts is to prevent class actions regarding small violations of the law. When a consumer has been ripped off for $5, $100, even a couple of thousand dollars, very rarely will that consumer have access to an attorney who can bring the action to enforce the law even if it's fraud or unfair trade practice, because there's just not enough money at stake to make it worth while. So, many actors, none of them are in this room, but many actors may find it worth while in the general conduct of their business to make little small mistakes in the hopes that they don't get caught in the understanding that with the arbitration clause they will -- they can't get caught with the big class action. And those are an ongoing problem that has, I think, been adequately identified, clearly not addressed yet. Mortgage documents. I think everybody in the room who has ever bought a house and closed on a loan would agree that we get far too many mortgage documents when we close on a home, and we're all blaming the two laws, Truth in Lending and the Real Estate Settlement Procedures Act for requiring all those disclosures, when actually the Federal Reserve Board did a study and found that a very small minority, generally less than 10 percent of the papers that are delivered at closing are really required by federal law. But what we've got is overdisclosure. If we disclose enough to the consumer, then we're legally protected, but 99 out of 100 consumers don't possibly read all that stuff, so the disclosures now become fairly meaningless. So, disclosure by itself has not protected consumers. Finally, credit insurance. Again, the Federal Reserve Board has just come out with a proposed regulation that would treat a certain kind of credit insurance as differently because of the very real predatory characteristics of this type of credit insurance. Credit insurance currently is treated under the law as being okay to sell in a certain way, so long as the consumer checks off a little box that says I understand that I have the option not to buy credit insurance. Yet if you talk to legal services attorneys or consumer agency administrators, or review the cases, you will find dozens of judicial decisions where the individual consumers will say, I know it says that on the paper, but the lender told me verbally that I didn't have a choice. So, disclosure by itself does not work to adequately protect consumers, either from predators or even from the unwashed middle as Ben described it. The market -- but I'm sure it does adequately protect consumers from those in this room. The market does not work, there were three points, one was disclosure, two was the market should work, and three that we have existing law that will address it. Let me explain why. Predatory mortgages, again, is a real problem in the market failing. It's a big problem, it's evidenced by a 450 percent rate of increase in the foreclosures, Department of Commerce and Census data shows that. In the past ten years there has been a 450 percent rate increase in foreclosures in this country. That's because the market has failed. The market and disclosure don't work to protect people against consumer abuses. Access to justice is a real problem with using existing laws. Do you know what it takes to prove fraud? Assuming you can find an attorney to take the case, which is a big problem if you're low income, because legal services exists for one out of 25 low income people in this country, and the federal money to provide legal services has not gone up in almost a decade. You need to prove by clear and convincing evidence, rather than by the preponderance of the evidence, that there was an intent to defraud, that there was reliance and that there were damages. It's very difficult to prove fraud. You need not only the attorney and the willing client, you need a client who will make a good victim, a -- will make a good witness. Not too many people are willing to get up on the stand and say yes, I was defrauded, I'm ashamed, and I'm embarrassed, but I'll stand up for my rights. It's very difficult to find a client who often -- it's very difficult for a client to actually do that. I have represented many of them, and they don't want to go to trial. It's too stressful. Unfair and deceptive acts and practices statutes, UDAP statutes are very valuable in the states in which they exist, when they apply. In many states, they do not apply to lending relationships, security relationships, or any other type of industry which is otherwise regulated. In many states, when they do apply, there are no attorneys fees. In many states in which they apply, they only apply to deceptive acts, not unfair practices. So, the section 5 of the FTC Act applies throughout the country, but does not have a private right of enforcement, only the FTC can bring actions under it. So, we have wonderful laws, but they are not actually implementable, or able to be implemented on an even basis, and that is why we need specific consumer protections to protect consumers from the unwashed middle, recognizing the very distinct differences between electronic commerce and the paper world, given the fact that the majority of this country is not yet online. Thank you. MS. SMITH: Ms. Saunders, would you say that it was safe to conclude that you believe that the benefits outweigh the burdens? MS. SAUNDERS: Well, I would say if I haven't made that clear so far. MS. SMITH: One of the points that -- obviously I want to get back to that, but in the mean time, we've got an email question that was actually related to a point Mr. Buckley had raised and Mr. Dayanim, and the question from the email audience is, how does section 101(C)(3), which is the provision in the ESIGN Act that sets forth the effective failure to obtain electronic consent or confirmation of consent relate to some of the exposures that have been discussed for conducting transactions electronically. So, for those of you in the audience on any panel who don't just happen to have the ESIGN Act in front of them, that provision of the statute provides that the legal effectiveness, validity or enforceability of any contract executed by a consumer shall not be denied solely because of a failure to obtain electronic consent or confirmation of consent, by that consumer in accordance with the electronic consent provisions of the act. I don't know if any of the business people in the room or any of the attorneys who represent business people have ever looked at that or advised your clients or to that, you know, or to the extent that the consumer advocates have looked at that issue as to whether or not it mitigates some of the burden. Mr. Buckley? MR. BUCKLEY: I would direct the questioner to -- you have all the comments online, so they could look at the comment submitted by the Electronic Financial Services Council under disproportionate penalties, responding to your inquiry, but the question of if you have, in fact, failed to establish the right to deliver disclosures electronically, as Margot will tell you very clearly, you have some very severe outcomes in the Truth in Lending context. For instance, if you are in a refi context, you could result in a -- a recision of the law. There are fairly severe consequences of not having effectively delivered disclosures electronically, and so I mean that's just one illustration. I'm sure that many people in the room could give other illustrations. And that's what the consequence is. MR. DAYANIM: I'm sorry. MS. SMITH: No, go ahead. MR. DAYANIM: If I could just jump in following up on what Jerry was saying. If you look at that provision, what the provision essentially said -- well, to me, what it really does or what it primarily does is confirm the safe harbor nature of the consent provisions. It doesn't say that the legal effectiveness validity or enforceability of a contract should not be denied if you haven't actually provided the consent, it says shall not be denied solely on the basis of not complying with those steps. So, it basically means that if you have, for example, or it doesn't mean this, a ramification of it is, if you have, for example, provided the disclosures electronically in a way where the consumer has actually obtained them, yet you have not complied with literal language of the consent provision, either because you didn't provide the notice of the different kinds of software/hardware requirements, or if you're taking a technical reading of the demonstration requirement, you haven't met that requirement. And yet nevertheless the consumer gets the documents, gets the disclosures, it's not -- what they're saying is you're okay. I mean, that's sort of my take. And there are additional aspects of it as well. MS. SMITH: Hold on just a second. Ms. Yen? MS. YEN: Thank you. To answer one of your earlier questions concerning benefit versus burden, I would agree with what's already been said that from the point of view of counsel representing mostly financial services providers, therefore industry, the primary benefit here, in my view, was that it did provide us with a little bit more legal certainty and it did help override a lot of local law by giving us one federal standard that we could look to to design websites that clearly are intended to be accessed in all 50 states plus the District of Columbia. So, I felt that that was, just from practitioner's standpoint, probably the most significant benefit. In terms of burden, there is an interesting provision in (C)(1)(b)(iv), where you have to disclose to the consumer how, following this consent process, the consumer may, upon request, obtain a paper copy of the electronic record. And I think if you read that literally, that really gives the consumer the right to receive, in paper form, any disclosure that was provided electronically, even after this rather elaborate consent process has been followed. Now, the statute leaves open the possibility that a fee might be charged for that paper copy and then you look to applicable state and federal law to see whether, in fact, such a fee is permitted. And I would submit that there are numerous instances where, in fact, you probably could not charge a fee. Just to give you a for instance, I believe RESPA says you can't charge for the cost of preparing a Truth in Lending disclosure or a RESPA settlement statement. So, that would call into question one's ability to charge for providing it in paper form. I think another possible burden is that after you have obtained the consent and the reasonable demonstration, if the -- for example, using the web model where you're putting all of your disclosures up on a secure website, if you decided to change any aspect of your hardware or software that you used for those disclosures, you would have to go back to your customer with a new disclosure explaining the new hardware and software requirements and then get a new reasonable demonstration, which I think is clearly -- I mean obviously that's got some benefits associated with it, but it also has some tremendous burdens. And if you've got a nonresponding customer, who just because of inertia or being really busy with work and out of town on business, doesn't get back to you, you don't have consent to use that new hardware/software configuration, which I think is an issue. MS. SMITH: Ms. Hillebrand? MS. HILLEBRAND: I would like to respond a little more to the email questioner. I read the section on the effect of failure to consent somewhat more narrowly. I think that was copied out of UETA, and there may be some legislative history surrounding it there that we could submit later, but it doesn't say that the consent remains in effect or that the disclosure or the legally required notice remains in effect, but it says simply that the contract executed with the consumer is not going to be denied, in fact, solely because of that. So, if you have, for example, a loan document and associated legally required disclosures, they're saying we're not going to set aside the contract and say you don't have to repay the money, but, in fact, there may still be a Truth in Lending violation if those disclosures were not -- the consent wasn't garnered properly. So, I think that it's overreading it to say that it's kind of a no-harm/no-foul provision. I think what it's saying is the failure -- that the failure to get the consent affects whether or not those items that would have been consented to were, in fact, provided electronically, but it doesn't go to the validity of the underlying contract, unless failure to deliver those notices in some other way would have affected the contract, but ESIGN doesn't add an extra way to undermine or attack a contract. And I think that's all that section does. MS. SMITH: But to clarify that question as well, they seem to be -- the questioner seems to be asking whether or not this mitigates burden in some way, to the extent that he says how does this relate to some of the exposures, and by exposures, I'm assuming he means legal liability kinds of issues. And maybe I'm misreading the question, but I have a feeling that that's what they're getting at, doesn't some way having the fact that this provision says that the contract won't be rendered ineffective just by virtue of the fact that the consent provisions weren't necessarily followed. Does that in some way have an effect on people's assessment on what legal liability issues are with respect to that particular issue. Now, again, that's my reading of the person's question, but that seemed to go to this notion of benefits and burdens. MR. DAYANIM: I will just saying that actually it's because of what Gail just said, that I would have been happier if the provision weren't there at all, because I think the provision is a safe harbor anyway, the consent provisions, and by having this provision in there that just says contract, it does give rise to the possible implication that she's alluding to, although I think it's wrong, I don't think that is the way to read it, I do think that because of the way it's worded, and this goes back to it's not being perfect, and the point being that was made a moment ago about subsequent consent, is another instance where this is not perfect. That's also a tremendous burden that I think is probably unwarranted, but in this particular case, I think it creates a problem. MS. HILLEBRAND: Well, it's argument under the text of the statute, which talks only about the contract itself not being -- I would like to disagree with you at the appropriate time on the safe harbor issue more generally. MS. SMITH: Hold on, we're going to go back around this way, because all of the sudden I turned my back for a second and all of the name tags came up. Go ahead, Larry Campbell. MR. CAMPBELL: Hello, I'm Larry Campbell from the Commerce Department. I guess it's really just an observation, and subsequent question for our participants. In an ideal world on the question of whether the benefits outweigh the burdens, I guess an economist would love to be able to put a dollar value on both. We would somehow be able to value the dollar value of the harms avoided to the consumers and weigh it against the dollar value of the cost of perhaps some lost business or the extra -- certainly the transaction cost of providing the extra step for the demonstration in one form or fashion. At least from my reading of the submitted testimonies and the comments this morning and now, I don't think we're going to be able to get there by June. So then that leaves us still, though, with the test of the -- using the language of the law of the weighing, I think, in my motion, in my mind, is the scale. How do you weigh, sort of I would guess a fair characterization might be the intangible benefits and the tangible but hard-to-quantify costs. Certainly when the law was drafted initially, however it came to be drafted, the final agreement on it had in the minds of the people who put it together, a weighing of these considerations and somehow out of that process came the text that's before us, and the test that's before us. So, in the absence of lots of hard data on both sides, although we have a few examples, another way of putting the question might be has enough transpired in the initial roll-out of the people operating under this law to change any of the thinking that went into the original establishment of the test. I'm just trying to get a notion of incremental -- how any incremental experience may have changed any participants' minds, or do you kind of come to the sense that there are definitely categories of concern on both sides, but there just may not be enough experience to draw a hard conclusion at this point? Just a question and an observation sort of. MS. SMITH: Keith, do you want to go for it or should we turn to Mr. MacCarthy? MR. MacCARTHY: Whatever you want. MR. ANDERSON: Well, I just wanted to respond actually or use the opportunity of something Mr. Buckley said to maybe turn the discussion a little bit. You made a statement that you would consider anyone who was just making disclosures electronically, but not actually doing sort of continuing business, to be suspect. And I think that that may be because of the industry you represent and the industry that's represented here. I mean, I see a whole -- I mean, I've been trying to think of kinds of issues where ESIGN could arise, and it seems to me there's a whole flock of other kinds of transactions where it could arise that we just really aren't talking about today very much, and maybe we could get a little bit of reaction. I mean, one it seems to me is actually almost a financial services transaction, and it's one that we've actually seen, I believe it's Eddie Bauer and Spiegel will allow you to apply online for a credit card. Now, I don't think there's any question there, I have not looked at it in depth, of getting statements online. But the question is you can apply on line, they want to give you your Truth in Lending, your APR notices online at the time you apply. So, that's notice electronically. Another example that I thought of that applies -- well, I can use an example that's taken from -- a couple of examples actually taken from FTC law. If I call Land's End, to make up an example, and I order something, and they don't have it in stock, they have to give me an estimated date, and we then require that if they find out they can't ship by the date, they have to notify me. It strikes me that a really good use in many instances of email would be to notify me by email, assuming that I've got email, that I will agree, et cetera, et cetera. Similarly, and this is a related example, but perhaps somewhat different. I learned in preparing for this conference that we have something called jewelry guides at the FTC, and that one of the provisions of the jewelry guides is that if I'm selling you a gemstone that has had some special treatment done to it, and that you're going to have to do this again periodically, or you're going to have to do something to your gemstone periodically to keep its appearance up, I have to tell you what that is. Again, if I call on the phone, say, to order, and want to buy a gemstone, it may make good sense for the jeweler to be able to refer me to his website, his or her website, that would show me where the information is. All of these, I guess, the point is, are instances in which you're just doing disclosure, you're probably doing one-time disclosure, and frankly I'm not sure, particularly in the second and third cases, how you comply with ESIGN -- how you can make use of ESIGN or whether ESIGN poses big burdens in those instances. MS. SMITH: Mr. Buckley? MR. BUCKLEY: Thanks, Keith, because I think you do point out that I represent people in the financial services industry, and in those industries, usually the disclosures are mandated by federal statute, and but there's a contemplation of an ongoing relationship. You know, that you're going to have an account relationship of some kind or an insurance policy relationship or some other type of relationship. In the cases that you mentioned where there would be single, one-time disclosures, it may well be that the burden of complying with ESIGN would be so great that you would not bother to do it electronically. I mean, the jeweler may either say hey, listen, I'll take the chance that they are going to get it, and I don't think people are going to come after me for their dull jewelry because it's not properly sparkling. I'll just send it and rely on the fact that ESIGN is a safe harbor, but I feel like I can communicate electronically with my customers in this context without too much fear that I am going to be subjected to FTC enforcement activity. Maybe I'm wrong. You know, the examples you give of one time are situations in which consumers are not likely to be abused. And where, you know, I -- do you have -- you know, I'm just trying to think of where is the example of someone who is deliberately sending this for the purpose of avoiding the person able to keep the disclosure? That's the concern I was trying to address. Not the possibility that, you know, somebody, you know, I don't think that the jeweler is trying to get around the requirements of ESIGN, they may find them too burdensome to bother with and say hey, you know, I'll send it on paper, I'll do something else, but where is the example of the person who is going to be defrauded or hurt in a significant way? MR. ANDERSON: Oh, I'm sure, I don't have one off the top of my head. MR. BUCKLEY: And neither of us have thought it all the way through, I grant you, and, you know, I hadn't thought as far as you had, so I didn't mean to, you know, put you on the spot, but -- MS. SMITH: Mr. MacCarthy, do you want to try to address some of these issues? MR. MacCARTHY: Just back on the, I guess for the record, the benefits and burdens, we're with Paul and John over there on that issue, and consistent with our filing. I mean, we didn't think that the particular requirement for reasonably demonstrating consent was necessary to begin with, and to put it in your terms of the timing involved, nothing that's happened since the legislation has gone into effect has really changed that judgment. I agree, it's short. There's not a lot of time to have gathered a lot of information, but we don't think our initial judgment has been proved wrong in that respect. And that leads me to another point I want to make, which is to respond to some of the suggestions, you know, some explicit, some more by way of just sort of off-handed comments, that maybe things would be better off if a regulatory agency sat down and tried to clarify the requirement, to go through a series of examples, and, you know, say this one works and this one doesn't, and, you know, let's just go through 50, 60 or 100 examples and make sure everyone knows what the rules are. I would urge you to resist that temptation. That at this point, it really is premature to begin to settle down the technology and the experimentation that is possible in the market by coming up with a list, even if it's not described as exhaustive, it would tend to freeze the marketplace, people would tend to say let's see what the list says, instead of trying to go out there and doing it in the best fashion that they could. You know, if this had been in place for three or four years, and people had clearly demonstrated problems and there was some recognition that there was some obscurity here that had to be clarified, maybe we would be in a different situation, but right now, the idea that we need to have an exhaustive list of examples I think is premature. MS. SMITH: I guess the problem, and I think Larry alluded to it, since the consumer consent provisions are in existence, one hopes that, in fact, the problems don't arise because the consumers are, in fact, in a position to -- or the companies are out there implementing it, and in fact people are providing consumer consent in a fashion that reasonably demonstrates that they can access the information and they're getting the legally required notices, and we don't ever have a problem. So, I think we're in a little bit of a quandary in the situation that the -- we will hope, and I'm sure the Federal Trade Commission hopes, that there will never be an instance of consumer fraud from a company that is actually implementing the consumer consent provisions as they're written today. So, in some ways, the fact that the statute is in place makes our task a little more difficult in terms of, you know, looking at this issue in three or four years, one would hope that some of these problems have been avoided. Now, on the other hand, we still have the task to do. So, I appreciate your comments, but I would ask people to think, you know, given what we have in front of us now, which are the consumer consent provisions, what information is out there, given this very short period of time. Again, we're willing to take anecdotal evidence, of, again, whether the benefits outweigh the burdens. I'm sorry, I'm not meaning to ignore this side of the table. Ms. Hillebrand? MS. HILLEBRAND: Of course, we think that the benefit of consumer choice and the benefit of a technology that demonstrates consumers can get the information outweighs the burden on business, and maybe it's too easy for me to say that because I haven't seen your numbers, I don't know what it costs you to put that into place, but I think that if you were asking this question slightly differently, if you were asking the question that comes before this question, which is, is ESIGN worth having for American business, even with the cost of this particular consent requirement, you would get a resounding yes from around the room. The way that the legislation is structured, you're kind of asking that question but you're also asked to focus more narrowly. If you ask a business would you like to get rid of this requirement, they will often say yes because it gives more flexibility for future decisions. Sometimes that's short-term thinking, sometimes it's long-term thinking. I suggest to you in this case it would be short term thinking to eliminate those requirements. One reason we didn't see a public furor when ESIGN went into effect, I got a lot of media calls that just said won't this be bad for consumers, won't they be stuck on the net when they don't want to be there. And I told every one of those reporters, by and large that's who was calling me, consumers will have a choice, and the choice will work, and it's these two provisions, the electronic nature of the consent or confirmation, and the reasonably demonstrate that put me at rest that consumers will have a choice that will actually work. So, one of the benefits already, I think, has been some level of public acceptance. How much, we don't know, because no one is measuring it. In the long term, there's the consumer confidence benefit, which will be real and will build over time. Anyone who's known someone who's been a victim of identity theft knows, you just have to hear one horror story to wipe out ten good experiences that you hear from other folks. So that the prevention aspect, it's not enough to wait for fraud law, because fraud is dealing with problems after they occur. The real consent requirement of this type prevents the problems before they occur, and that's a tremendous difference. I would also note that state legislatures around the country are expressing their own view about the value of the consent requirement by placing into their UETA bills, many of them passed UETA before ESIGN, they're just not touching it, which means we think in the state you will have both UETA and the ESIGN consent requirements, but those who are looking at UETA for the first time after the passage of ESIGN, many of them are adding provisions that say this is not intended to modify or supercede section 101(C). Another indication that, in fact, state policy makers think this is important, that has occurred in bills already that are moving in Connecticut, Illinois, New Jersey, Vermont, it's law now in Tennessee and North Carolina. So, other police makers as well see this as important. And finally there's been this talk about the value of certainty for business. These two parts of the consent provision provide valuable certainty for consumers. And Professor Winn said it in her opening remarks. Who is in a better position to design for the uncertainty? The consumer who does it once and has to take the technology that's offered to them as a go/no-go, I'll use this product or not, or the business that has some choices about how to develop that consent process. So, for all those reasons, long-term confidence, chief among them, we think that the benefits do outweigh the burdens, and I also was quite struck in the prefiled comments that many of the industry folks were saying exactly what we at Consumers Union said, we would like to see NTIA and the FTC recommend to Congress that there be no changes to ESIGN. Now, I could give you a long list of things that I would like to see differently, but let's give it some time to work, and that's where we are and that's where we hope you'll be. MS. SMITH: Thank you. Professor Winn, any comments? MS. WINN: Hello. I can tell that you are hoping for comments from industry people, but yet you keep getting comments from people who -- MS. SMITH: All comers. MS. WINN: I was going to say, as far as I can tell, if we're looking at the benefits and the burdens, the burdens on merchants, not only is there the problem that it doesn't seem like we have any metrics we could use to start calculating, it seems like there's different kinds of burdens, you would want to separate out different kinds of burdens. The one that I started talking about at the beginning was sort of an assessment for infrastructure development. The fact that the infrastructure is in flux, and that's a problem we all have to deal with and that burden has been allocated to the merchants. It seems to me like another burden that's been allocated to the merchants is something we could think of as a sort of Aunt Sally tax, which is Margot gave a very compelling description of Aunt Sally who is frail and infirm, but not completely impoverished, because the predatory high pressure salesman is interested in going to her house and prying some resources loose from her. And so that's a very serious problem that needs to be addressed, and we only have this one provision in the statute that doesn't distinguish between ethical, reasonable merchants who are playing the game for the long term based on their reputation, and the one shot black hat players. And given that Congress has gotten itself into the business of basically creating federal commercial law, I would like to impose on everyone to share something that Carl Llewelyn wrote in 1953 about drafting commercial statutes. He said, "You all have a hangover from law school, you feel that the proper way to draw a statute is to mark it out as if it were written for dumbbell judges whom you are trying to corral. Of course that isn't the way to write good law. The way to write good law is to indicate what you want to do, and you assume, within reason, that the persons the law deals with will try to be decent, then after that you lay down the edges to take care of the dirty guys and try and hold them in, which means every statute ought to have two essential bases, one to show where the law wants you to go, and one to show where we will put you if you don't." MS. SMITH: Professor Winn, I know you won't be surprised when I tell you that probably won't appear in our report to Congress, the authors of this provision. MS. WINN: So, what I was going to say was Mr. MacCarthy and I obviously have a philosophical disagreement about the usefulness of examples, I think we can predict based on the experience of a lot of forms of electronic commerce, like EDI contracting, that we are going to wait a long time before we get any good litigated cases that will provide the kind of concrete examples that practicing attorneys love to chew on. And so what I'm suggesting is your mandate in the statute is to report to Congress on a variety of things, one of which is whether revisions in the statute are needed, and so what I'm asking is, is there anything less than a revision that can be offered that will help to distinguish between the white hat merchants who perhaps could pay less of an Aunt Sally tax, with some clarification, who could be given some guidance in designing sort of, you know, ESIGN consumer protection provisions light, and other contexts where there's perceived to be a greater risk. That's what I'm asking in terms of coming up with lists of examples. MS. SMITH: I don't think we have made up our mind. I mean, I think at this point all of us still have an open mind about what will go in this report to Congress. This is only, in some ways, the second step that we've had in gathering information. The first was a request for comment, we also did I think in anticipation of this public workshop, did an awful lot of industry, consumer group, interested party outreach to try to elicit as much information as we possibly can. I mean, the public workshop today has been a font of information, but as we, I think, every moderator has said from the beginning, we will not back no useful information up until the time we go to publisher. So, I think that to the extent that there's further information that any of you or anybody out in the public has that can contribute to the debate or help us, we would like to have the best product possible to give to Congress. In recognition of the limitations we have, you know, in dealing with the time, the amount of information that's really out there, the sort of changing nature of technology in these issues, but I think it's safe to say that we are keeping an open mind and would welcome all information and suggestions that we can, like I said, up until like the practical limitation of going to publication. And again, while we have a short-term goal of getting this report to Congress in June, that's not to say that the Department of Commerce and the Federal Trade Commission won't continue to look at these issues and the policy implications of them. So, I don't think today is the be-all and end-all and it wasn't intended to be on any of our parts. All right, thank you. Mr. Gallagher? MR. GALLAGHER: Yeah, I would just echo Gail's comment. I think you look overall at E-signature, I think, you know, in the midst of a rapidly changing environment, I think the E-signature legislation has done exactly what we intended it to do, which is to facilitate electronic commerce. I think there's no question, I don't think anybody around the room would disagree with that. I think also although we kind of disagree on some of the ins and outs, you know, nobody is necessarily disagreeing that notice and consent in some form is necessarily -- you know, that's probably a benefit. I think where we come down very clearly is, again, the requirement that it's only in the electronic form is really where it becomes a little -- or at least appears to be at this early stage a disincentive, so therefore it's kind of counterbalancing the positive impact of the overall legislation. I think there's no question overall, you know, we're in the right place, we're going in the right direction. And then just one final comment, I would just echo Mark's point. I think trying to regulate and, you know, have a universal regulator, if you will, if there is such an entity to kind of come up with all the requirements they may come up with. This is an environment changing literally day by day, not minute by minute. So, I think, you know, let's live with it for a while, see where we come out. I think there are, you know, I think we already talked about here, I think the law gives us enough flexibility so that organizations, you know, that are highly regulated and want to comply will do the right thing. And I think also hopefully it will disincent those black hats, if you will, who are going through not act in accordance with the law, and will choose therefore not to do business that way. And I think longer term in the marketplace, given the way that the market is going, will say that that will be -- they will have an economic necessity to provide an electronic medium I think more and more as more and more people become online and get more comfortable with electronic interactions. So, I think if they were acting in a disingenuous way, I think time as well as the marketplace will catch up with them. MS. SMITH: Ms. Yen? MS. YEN: Thank you. I just wanted to sort of draw us back to the fact that this statute is really very limited in scope. It applies to information that otherwise would have to be in writing, and it has to be information that relates to a consumer transaction. Now, if you focus on the writing requirement, most statutes of frauds allow oral contracts to be enforced outside of the real estate realm. So, and any contract that I think is capable of being fully performed within a year or something is typically allowed to be verbal. So, most of your purchase sale contracts outside the real estate realm would not be subject to this. Moreover, you need to have the writing requirement apply to a transaction so the Federal Reserve has stated that in their view that merely applying for a credit card is not yet a transaction. So, in Keith Anderson's example of applying for a credit card, that would also be outside the scope of this statute. As far as the jeweler example goes, that is a beautiful situation where I assume the jewelry itself that is being purchased has to be shipped to me, that is the perfect opportunity to enclose the jeweler's guide with the jewelry. If as an additional service to the consumer you also want to make that guide available on the jeweler's website, that's terrific. But again that would be outside of ESIGN because that would be a supplemental web copy of something that was presumably enclosed with the gemstone, shipped to me. So, I'm not sure that we're actually dealing with a statute that has as broad applicability as you might initially think. MS. SMITH: Your last chance, any final comments before we wrap up? Well, on that note, I would like to tell you again thank you very much for your participation, we really appreciate it, got some very good information. You've got a 15-minute break and I would urge those of you who have not had an opportunity to go upstairs and see some of the technology demonstrations, they're still going on in Room 532. Thank you again. (Pause in the proceedings.) MS. HARRINGTON: Many of you have said why don't you turn on the air conditioning, well, here's the answer to that question, after about 394 years of receiving our air conditioning from the Archives Building across the street, the Archives folks announced that they need every bit of cool air that they have to preserve the national treasurers, and so now we're on our own here at the FTC, and we're building a new air conditioning system on the roof, but it's just not done yet. So, yes? UNIDENTIFIED AUDIENCE MEMBER: Maybe we could lower some of these lights. MR. HARRINGTON: Well, we will ask our video people, they are -- yeah, we'll see if we can dim them just a little bit. But I apologize, and if we don't get our new chilling system finished soon, you will see new meaning to casual dress here at the FTC. No, it's going to be tank tops and shorts. Okay, I think that's about as dim as we can go. Well, this is the part of the discussion today that I've been most looking forward to, because it gives all of us, I think, a chance to set aside the task of understanding some, perhaps, ambiguous provisions in the statute, it permits us to set aside differences about burdens and benefits and allows us to kind of blue sky as well as talk about what is real, and the subject, of course, is best practices. I think that we've had a discussion that leads right up to this throughout the day. We have a pretty good understanding of what we think is involved in many instances, at least, for obtaining a reasonable demonstration of the consumer's consent, but what are the very best ways that we see businesses going about seeking consumer consent in a way that constitutes that reasonable demonstration, are these different best practices that we either see or envision as looming on the horizon, ones that need to vary, according to business sector, are there some common denominators that we can agree to that we should look for in best practices, and particularly, those of you from the business world who are using and implementing the license that ESIGN provides, what are your best practices, or where do you see yourself wanting to go. Jeff, we're going to start with you, because nobody has their tent up, and you're smiling nicely. MR. WOOD: That will teach me. MS. HARRINGTON: So, what is your sense? You're at Household Bank. Where do you see your company going, what, in your view, would be best practices for online consumer financial services? MR. WOOD: Thank you for the entry. We have a number of -- we have about 39 different websites throughout the company, and we have a lot of different functions that are conducted different websites. In terms -- and not all of them, in fact hardly any of them actually use the ESIGN provision with the, you know, reasonable demonstration of consent. In other words, a lot of the websites are for purely marketing services, for our customer care, which is after the fact, which is not really governed by ESIGN, or our application purposes. But in the case where the customer actually does go online and conduct a transaction, you know, some of these were kind of addressed in the comments and in some questions, you know, the disclosure really needs to be clear and conspicuous, in terms of kind of mechanics. We've said that the customer needs to click, I agree, or I submit or I consent at the bottom of the disclosure. So, you have to kind of scroll down, and then at the bottom you hit the submit or I agree or I consent, I can't remember exactly what it says, after having read through the disclosures that are set forth in the statutes. MS. HARRINGTON: Now, does your company do sort of one scroll down screen and how do you, if you do, how do you vary type size font, you know? I mean, I have to say as a consumer, when I go to a website, and am confronted with what if I printed it out might amount to, you know, 16 pages of information, and asked to click that I have consented, I find that to be overwhelming, so that wouldn't in my mind be a best practice. How do you do better than that, or how do you see yourselves moving to do better than that? MR. WOOD: It all I guess depends on what you're talking on what the -- you know, what happens when on the website. And that is a problem. And one suggestion, which we in our lawyer department don't particularly like, but one suggestion is to use the scroll box, which is a little box, it's on the webpage, there's a scroll box, the document is included within the scroll box and you can kind of see the first paragraph, and then if you want to see every other paragraph, you can see every other paragraph, so instead of the page being this long, it's this long, and then there's a scroll box within it. You know, that's used for some purposes, but it's not used for the consent disclosure. Okay, like for -- and then in other cases, as a privacy statement, for example, we wouldn't force someone to read through the entire privacy statement, there's a link to it, but that's pre Graham-Leach-Bliley. You know, as of July 1, we're in the process of evaluating and changing that. So, I think if my comments over the last few minutes have said anything, I think what they've said is that we have a number of different disclosure rules and laws and concerns, and, you know, they're complex, and I think you need to as a counsel or as a business person you need to look at what the purpose of each disclosure and then, you know, act accordingly. You know, I also -- self-serving, I want to respond to the study that was quoted about disclosure in the real estate mortgage transaction that only 10 percent of them are federally required. That may or may not be true, but one thing is true, that the other 90 percent are there because some lawyer thought there was a good reason. Have them, and that might be because of a risk aversion or litigation concerns or -- MS. HARRINGTON: Well, would a best practice not include having your lawyers write the material that appears online? Seriously? I mean, would a best practice involve having the marketing department play a very aggressive role? Or somebody? We call them the marketing department here, the people who do consumer education, but -- MR. WITTE: Do you mean best practice sell or best practice stay out of jail? MS. HARRINGTON: Pardon me? MR. WITTE: Best practice sell or best practice stay out of jail? MR. WOOD: Seriously, I think that there needs to be a combination of disciplines and the compliance department, the legal department, the business person, the technology people are crucial. If you have good technology people, you're five steps ahead. MS. HARRINGTON: Okay. Wendy? MS. WEINBERG: Well, I know you're being facetious about having, or maybe you weren't, about having the marketing department write your material instead of the lawyers, but I think that's something, if we're talking about best practices, that really beyond the plain English requirements that you would want to have in your regular consumer education materials, it's an even more extreme onus on anybody who has a website to make the material comprehensible. I don't know anybody, myself included, who actually reads those disclosures, you click through to I agree, and it could say you've agreed to kill yourself in five minutes, and you're like yeah, fine, fine, fine. And so I think that first of all, it does need to be plain English, and it would be nice if it was formatted so that it was hyperlinked and you could look, you know, it would say notice, and you would hyperlink to the notice question if that's what you're interested in, or if you're talking about a big contract which you're going to be getting under ESIGN rather than getting a paper copy, it's one thing to flip through and looking at the headings, for the few of us who are actually going to look through, and to find the heading that says, you know, on the back page that this is actually the total amount that you are going to pay, and it's another thing to have hyperlinks that take you where you need to go. The other thing, just sort of generally, that would be useful, I have some fear, a few fears that I am going to share with you. One of them is that consumers consent to receive all these electronic documents, they put them on a separate file on their computer, and then either a virus takes out their computer, their hard drive crashes, or they lose all of their resources and give up their computer, and this happens so quickly due to some family emergency that they don't get to do their back-up drives, which would probably be useless anyway, because they have no place to put them in. It would be nice as a best practices if consumers got, at least once, a written, a paper statement which summarizes the agreement, maybe the essential terms of it, and a minimum there was something that gave a real life address and telephone number for the company. You know, it's one thing if you have a file and you say oh, yeah, I think I had some agreement with somebody to pay something for something, and it's another thing if you have at least one piece of paper so then you can call up and say what do I owe you, for what? Another big concern that I have, and we've talked a little bit about authentication, but for accounts where there is more than one person on the account, I have trouble seeing how you could ever get proper authentication that both users under the account have actually agreed to something. When you have a husband and wife on an account, or a mother and, you know, a parent and child, we all know thousands of stories of the bad spouse and the bad parent or the bad child, and usually most of the authentications that I am aware of, a family member would have access to. So, you know, the bad spouse who's undergoing a divorce with the good spouse would be able to provide the mother's maiden name, would be able to provide information on the last tax return, meanwhile transferring all the assets in this joint account to some place where the other spouse doesn't have access to it. Similarly, there's a lot of abuse, you know, by younger people of ailing parents, or vice versa, parents of younger kids. And I am troubled about how you could ever receive authentication when they're both using the same family email account. MS. HARRINGTON: Jane and then Virginia. MS. STAFFORD: Well, we have only a limited area where we're using the ESIGN, and quite frankly, I still think we've overcrossed the area because we back up a lot of it by paper still. Our customers still like to receive paper statements, lots of them still like to receive checks, and, you know, but we have elected to -- and I think it's the proper interpretation of the statute, although some things I heard this morning tell me people are approaching it a little differently -- elected to put our ESIGN agreement separately from any other agreement that it governs. So, if you wanted to print it, you wouldn't have 16 pages, you would have maybe, depending on what type size your computer is printing, a page and a half, for just that electronic disclosure. It describes what you are agreeing to in the sense of what records you are going to receive, but it's a separate disclosure, and it requires a separate click-through before you get to the underlying agreement that that governs, which requires another click-through to get into the authentication process of who you are. So, and now if you printed the second agreement, I can assure you it goes on for pages, because it is a standard banking agreement, deposit agreement, regulation agreement, et cetera, and it's got all the stuff in it, including a name and address. And we do encourage you on the site to print that, although our online banking agreements, even as they are revised, remain on our websites in a different place, so you can actually go back and see what you agreed to in 1999. So, even if you didn't keep a copy, it would be there. I think that's probably overkill, but we think that that's customer friendly, and hopefully. As far as you know, I think as far as authentication, I think that's always been an issue, it's an issue today in anybody who has an on-call process where you can go in and give an account number, a social and the last deposit, and you can get the record over the telephone. If you have a PIN, if you have access to the PIN, it's written on the back of the plastic, you can go into an ATM and pull all the money out. The best security we have put in there is that in order to have access to an online banking, only the accounts that belong to both people can be together. So, you can't use -- if you had a single account in your name and there's a joint account, we don't put them together, and we don't use email as an access device. Ours is HTML-based so you have to go in through the Internet system. And that seems to have -- we hope that closes a lot of doors. I will address one thing that Paul brought up earlier, however, in terms of the customer coming in, when we installed ESIGN, we also were installing a new online banking process, this whole new version of our online banking. And the first group that went on were our own employees and we got complaints sideways to Sunday as to why they had to now click through twice just to get to their verification process, but it's a one-time event, unless you're changing your agreement, whereupon you have to go back through again, we haven't changed it yet, and we have not seen any diminution that I can tell of people. We do have a process in our branches where you can actually sign up for the process. We authenticate you all the way through, however you still have to go on and click through the agreements. So, we have t continued to have relative even flow of people coming into our online banking system. So, maybe it's an elimination process, because we haven't eliminated any paper, even on the investing side where we don't have, you know, we have limited investing capability that's truly electronic. I still think the paper is still out there. So, maybe that's the customer's reaction is, I still really want the paper and a lot of customers still do. MS. HARRINGTON: So, if I could just highlight a couple of your possible best practices. One is to remember that the ESIGN disclosure goes only to obtaining consent to receive records electronically, and making that disclosure a discrete and separate event may be a best practice, because it enables it to stand alone and for the consumer to see it. And another is to have paper redundancy. MS. HILLEBRAND: Now interestingly enough, in our letter, we recommended that we abandon that separate process because we were seeing customer resistance to the double click-through, but on the other hand if you're talking about not having a customer print a 15-page agreement which contains an ESIGN agreement somewhere at the top of the box or something like that, that is the other alternative. MS. HARRINGTON: Is there anyone from the business side who disagrees with the notion that having a separate ESIGN -- discrete ESIGN consent disclosure might be a best practice? Mark? I just would like to hear a different view on that. MR. BOHANNON: Eileen, I'm not sure my comment is a disagreement, but I think it's important, and this is a useful place to do so, to remember that this discussion is -- very much today this particular discussion is occurring in the context of very well defined financial services, laws, and regulations. So, I caution that -- and this is part of your question, that we not reach broad conclusions that apply to every sector, because quite frankly I think we're all still trying to understand how the narrow scope of ESIGN may apply in other sectors. So, I don't disagree with you. I just think we need to be careful about making generalizations, because I think that financial services is a place where there has been decades, in many cases, of work about meeting the variety of legal requirements that a notice or some other part of the transaction be in writing, and that may not, in fact, be replicated in other areas. So, I caution about reaching the conclusions outside of the particular legal context in which this discussion is occurring. MS. HARRINGTON: Okay, we'll have Virginia and then Bruce who I know needs to leave in a minute to catch a plane. Virginia? MS. GOBATS: Just so that I don't forget, this issue -- I'll say it first, but then I wanted to comment on another issue. One consideration that might be given is to include the privacy policy at the same time, because the question that the investors have is now that I'm giving you my email, what are you going to do with it? So, since it looms large in their minds, you might also want to deliver that privacy policy in the same process. But on the subject of giving people a clear understanding of what we're offering, and what they're agreeing to, we recommend a number of things, and we've seen them all done. One is that you can have buttons on the bottom of the screen, for example, that click to important considerations, or that click to frequently asked questions, and there you can get that jump, you know, jumps to the kinds of issues that are really on the minds of the investor. Another is that, just an observation, that nobody was thrilled with rewriting prospectuses to do simplified prospectuses, but they're really nice. And I think, you know, a lesson we learned about that simplification process, you know, the plain English process, really needs to be applied here. And, you know, we monitor maybe 50, 50 top sites a day to see how they're dealing with consent, and it's getting better, I mean it's getting closer to plain English. The other thing is that in the buttons if somebody clicks yes to something, not only to say what it is you're clicking yes to yet, but then also say you can change your mind, right there, where they say yes, you say, and remember, you can always change your mind. Or, if you need a hard copy, call us, and give them a method of getting the hard copy. So, there are a number of best practices that make it less onerous, the idea that the document may be a long document, take forever to scroll down through or take forever to print. Also it can be -- it can be used as a stuffer, the back side of a stuffer can -- and have the consent agreement on it, and the front side says why you would want this, what all the benefits are, and if you're interested in it, let us know, here's a BRC. So, there are a number of ways that you can keep educating people in a way that's not so punishing. And then the last thing is that there's an issue that really is kind of a technical issue. If you're sending somebody from your website away to another site where they're consenting, you have to be moved, and now they're out there seemlessly, to somewhere where they're consenting to that consent site. There are some considerations about just how long it takes to click through. If it takes too long to click through, they may time out on the website. So, you really have to consider streamlining it for a number of reasons. One is that, you know, that I would consider your issue at Fidelity to be a streamlining issue. They tell you in the office, you know, that I would like to get electronic delivery, and then five hours later I need you to remember to log on, forget it, I mean I would never remember it. But those are my comments. MS. HARRINGTON: Thank you. Bruce? DR. BROWN: We have several customers that are worried about the mortgage closing, and in that arena, they, together with the secondary market who is the receiver of those promissory notes would like to have the promissory notes rewritten so that the electronic consent disclosure is in those notes, as well as, as I demonstrated earlier, on the screen. And so they are suggesting rewriting most of the statements that have appeared on paper now for the electronic form to include the consent explicitly listed in there that as one of the clauses of the contract, that by signing this digitally, you are consenting to it. MS. HARRINGTON: But there would be some redundancy, your suggestion is that there would also be separate and on the screen? DR. BROWN: Oh, it's redundant. Yes, separate and on the screen, but they are also rewriting their contract so that it is explicitly in those contracts. MS. HARRINGTON: Thank you. Margot? MS. SAUNDERS: Well, I have some best practices to propose. MS. GOBATS: Why are we not surprised? MS. SAUNDERS: Aren't you surprised? Whenever the parties are dealing with each other in person, I think the best practice would be to hand the required disclosures to the consumer. If the consumer doesn't want them and the consumer requests them to be provided electronically in addition, that's fine, they can be provided electronically in addition, you don't even need the electronic consent in that case, because you've satisfied the underlying law's requirement of providing the -- you've satisfied the underlying law's requirement by providing the paper. You are simply providing another service to the consumer by providing it electronically as well. So, you wouldn't need the electronic consent, and in that way you tremendously address some of our most serious concerns with ESIGN. Electronic documents -- MS. HARRINGTON: Can I clarify, because that seems to be at variance, I think, with a point that Paul was raising earlier, and it gets us back to our first discussion of the day, legal issues, but are you suggesting that in the situation that Paul raised, where the customer comes into the branch to open an account and wants to receive the disclosures electronically -- MS. SAUNDERS: We're talking about two different things. MS. HARRINGTON: Okay, I just want to clarify that, because -- okay, if you could address Paul's issue, too, if you've got a best practice for that. MS. SAUNDERS: There are two types of disclosures we're talking about. One is the disclosures that are required to be provided to the consumer at that moment. When you buy a car, when you sign the contract to purchase the car and to finance the car, Truth in Lending and state law requires the retail installment sales contract and various title documents, and the Truth in Lending contract to be provided. There is no reason not to provide -- not to hand the consumer those documents when they're standing right there. If the consumer says I really would like these online, I'm not a paper person, there's also no reason not to electronically transmit them or post them to the website to do a service for the consumer for that, but you don't need to have the electronic consent for the provision of those documents, because the electronic delivery of the documents is not what you have used to satisfy the underlying law of providing the documents, it's the paper. Now, if that consumer wants to continue the relationship online, and have all of -- if there are any notices related to the car, warranty to come to him online, or the notices related to the financing document, if there's a change of terms, if there's variable rates involved, or if there's a repossession, an acceleration of the note, that agreement would need to be -- the agreement to receive those writings would need to be electronically consented to, but could easily be electronically affirmed, or rather the consent to receive electronic record could be confirmed electronically at a later time. So that it was a self effectuating process. And if you provide paper to people before they walk out the door, you will cut down on all of the -- most of the allegations of fraud that we are so concerned may result from this combination of e-commerce with the physical world. Does that address your question, Eileen? MS. HARRINGTON: Yes, thank you. MS. SAUNDERS: The next is I would propose that when electronic documents are provided to consumers to access and retain, they should be provided in some kind of locked format. Not in a format which is easily mistakenly changeable by the consumer. Thirdly, I would propose that paper copies of electronic documents previously provided should be provided to the consumer upon request, and we have never objected to a cost -- to a price being charged for this, so long as the price was reasonable and close to what was actual, not -- and the price charged for the provision of paper should not be used as a punishment to the consumer for switching back to paper, nor should it be used as an incentive to -- well, it just shouldn't be used as punishment. It can, and should, understandably, reflect the actual difference in price and cost to the business for providing paper, rather than providing electronic. We understand that. The consumer should be allowed to switch back to paper, as I think Fidelity and several other organizations here have said that they allow, upon request. Now, that raises the interesting problem of what happens to those transactions, ongoing transactions where the price is based on the expectation that there will be an ongoing electronic relationship only, and I think that there has to -- that it's better for the parties to deal up front with what happens when one party loses access to electronic and work that out. And I would propose that the price be changed to be a reasonably increased price to the consumer, but that's -- in any event, the distinction or the -- it should be automatic -- it should be figured out at the beginning of the relationship. Because there are some consumers, as the Department of Commerce has noted in its excellent survey, Digital Divide, that have gone off the web and because their computers have broke, or because their situation has changed. In that same vein, there should be an automatic switch to paper notices, either temporarily or permanently, when the consumer has failed to respond to electronic notices. I think we have to recognize that there is a real distinction in the receipt of electronic notices. I think the numbers are 35 percent of the country is online from home, and everyone, and those computers at home are probably much less -- much more likely to break, people are -- when people are on the edge, they often cannot fix them, and if they're going through a life crisis, they may not remember to email everybody and go to the library to pick up their email. So, there should be some -- a best practice, at least, should be a switch to paper when there has not been a reply or a response from an electronic notice that would be expected. And I think that a best practice should also include that a consent is not considered adequate, it's not considered to be -- an electronic consent would not reasonably demonstrate the consumer's access to information if the consumer consented at the business' computer. I see some -- but that -- that is especially, if the consumer does not have his own email address. Obviously. So, if the business is establishing the email address or the business is providing the consumer the computer, that consent should not be considered adequate. If the transaction is otherwise impersonal. Thank you. MS. HARRINGTON: Thank you. Paul? MR. GALLAGHER: Well, I'm happy to say, Margot, I think we comply with almost every single one of your requirements. MS. SAUNDERS: Not surprised. MR. GALLAGHER: I'm glad to hear that. I think the only one is the consent to business is kind of the thing, the point I was alluding to earlier, but I was just going to comment a little before on just maybe a couple of -- bring together a couple of different points. I think the general move to try and get to more simplified concise language is we're all trying to get there. There's nothing better that I would like to do than to have it in a few paragraphs. Unfortunately, being in the business we're in, we've got a lot of other people who have a say, like SEC, NASDI, NYSE, IRS, et cetera, let me continue to go down the list the people who all have at this point in time varying requirements of what we need to do. So, I think we're getting better, but I think it's probably going to be some time until we can really get it into a two paragraph disclosure, which is something I think we would all like to see. I think also, again I can speak in terms of what we, Fidelity do, in terms of the authentication process, which I think someone raised earlier, we're very cautious when we have a joint account that we really need consent from both parties before we're going to suppress something. Particularly an e-delivery. And if we do, in fact, suppress it, we send written notification to the other party that it has, in fact, been suppressed, so we kind of cover both bases. So, I think in general, we're all moving in the right direction, but I do think what we would like to do, I think ideally from a business practice point of view, is to have a simple disclosure, which is short enough, yet adequate enough to cover all the things we need to do, and not necessarily a separate disclosure. Again, I come back to my points earlier today, the customers at least that we're dealing with in the financial services world, and particularly in the brokerage, in the mutual fund world, are usually looking for speed and accuracy, so they want it now, and they want to conclude it now. I think generally it's a more highly informed group of individuals in terms of knowing because it's money at stake, so there's a higher degree of, if you will, involvement in the transaction. So, I think we're all moving in the right direction, but I think we have to be careful that we don't put on yet another requirement that's going to, again, force people or require people to do even more work when they're looking again to do simple work. What we say internally is people are looking for ease of use and being able to move quickly. So, I think now that those are just comments that I would like to add in terms of the overall discussion. MS. HARRINGTON: Okay, thank you. Bob, best practices? MR. WITTE: Okay, thanks. I guess I have a few things, some responding to what's gone before in a specific question, and then maybe stepping back a little and addressing this from a slightly different angle. As to -- I guess I just want to observe Margot's best practices include some things that are actually required by ESIGN, for example the notion that you have to be able to withdraw your consent, and that the consequences, any adverse consequences of withdrawing your consent are both items that need to be disclosed as part of the preconsent, you know, ESIGN. So, ESIGN is at once requiring disclosure and imposing a substantive requirement that it be withdrawable. And so -- MS. HARRINGTON: Well, this could mean that the Commerce Department and the FTC could report back to Congress that they were brilliant in drafting a portion of the statute, because it encompassed a best practice. MR. WITTE: Margot's problems are all taken care of. Well, I mean I think in fact that there's some truth to that. A good portion of the disclosures that are called for, and we haven't spent any time because it has really been within the narrow focus of the request for this workshop, but we haven't spent much time on the other elements of 101(C), which are the disclosure requirements, which are quite specific, which have to be clear and conspicuous, and their, you know, best practice does tend to merge with complying with the law. You know, in other words, it has to be clear and conspicuous, and what is going to satisfy that criterion, especially in the risk adverse environment that at least our clients operate in. As to the question of -- and I know this was, indeed, probably said facetiously, but it's worth coming back to. My response was facetious, too, about whether it should be the marketer or the lawyer. In fact, though, I think you really want to have a team of the people who know what the law says and can apply that in a way that -- and point out that maybe this does or doesn't comply, people who know what technology can do, and, of course, people who are oriented towards what cannot be ignored, which is the goal of actually getting it out there in a way that people can understand and use, which is what marketing people can, in fact, do. Do I to get closer to the mike? So you need a team, okay? And when you put that team together, I think you notice that there are different kinds of notions about what is best practice, depending on which best practice you mean. There is a best business practice, which has a lot to do with making sure that your customers are satisfied, that your customers -- and again, I am focusing on a relationship environment, but I think it was a point well made in one of the earlier panels, there's limits to what you can do for the guy who is really trying to come in and rip you off and doesn't expect to ever be seen again. There are going to be some of those guys, and they're bad guys, but for people, at least in the financial services industry, where you're talking about a relationship, that's not it at all, and at least not 99.9 percent of the time, and so you've got a business practice of wanting to keep the customer satisfied, sending information out into the ether that they never get and then are held responsible for is not a good formula for doing that. So, satisfying substantive common sense requirements of getting disclosure successfully to people in a manner that they can understand is indeed the best practice. And there are ways of addressing that, but the ways of addressing that may be different than the ways of best legal practices for complying with what we have here, which is a statute that sets out very specific criterion -- I'll come back, of course, to our favorite but also the focus of this whole workshop, which is the reasonable demonstration test. Having that reasonable demonstration test, having the electronic consent requirement, change what our best practice is. And, you know, the fact is that reasonable law makers can differ, and obviously have differed, as to what really would be a best practice for obtaining an informed consent from consumers. The Securities and Exchange Commission, not known for being shy about trying to protect investors, that's their entire mission, has for a long time had the set of guidelines for the electronic delivery of information. Which have really been quite successfully, or at least so believes the SEC and so believes most of industry that's affected by the SEC, and the SEC's guidelines do not require either electronic consent or a reasonable demonstration test. And as a matter of fact, they don't even require consent, if you can prove actual delivery, actual access to the relevant document. Now, is this because they're not dealing with aluminum siding salesmen? Well, probably not. I mean, they're, as much as I hate to say it, but there have been known to be some bad actors in the securities industry. Is it because they're dealing with a regulated entity, with regulated entities over whom they have continuing authority? Maybe. But it may also be because they just think that maybe that isn't necessary as a best practice for actually obtaining an informed consent. And then there's the question of what's best practice for compliance with this consent requirement on the one hand, and what's best practice for getting the actual underlying substantive disclosure out there to the investor or customer, whomever it may be. And let's remember, the whole point of this consent requirement, the only applicability of this consent requirement is in a situation where the law requires that some information, may not be a disclosure, really, but information be provided to a consumer in writing. Absent that, no rule. Interesting, though, that there's some reason to believe that complying with the rule may tend -- the best practice for complying with the rule may tend to have you provide the underlying disclosure, substantive disclosure, in a way that isn't best, and I would commend you in this respect to the very thoughtful, I thought, submission that Jerry Buckley made. I would also commend you, of course, to the Investment Company Institute's submission, but I think Jerry made a very excellent, excellent point, which is that the cause, the self-validating paradigm that I mentioned earlier this morning, is one that's kind of a no-lose compliance with the reasonable demonstration test, and is easily satisfied by HTML, frequently, tends to push people towards using an HTML system for providing the underlying disclosure. That may or may not be the best way to disclose the relevant information. Is it best, for example, to get a prospectus in HTML format or some other format that's some other form that you can easily read on the Internet in the kind of text that you frequently see there, for those of you who looked at least the old Edgar submissions may think not. It's a very -- can be a very poor way to actually present information to the investor. Maybe in many cases it may be perfect, okay, but in many cases, it's going to be poor. In contrast, a PDF document, which is essentially replicating on the screen, complete with graphics and everything else, all the things that your marketing and other people -- and more than marketing, the same team, the legal, the marketing, the technical and so on and so forth, are put together as a way of presenting the substantive disclosure, and I'll come back to the prospectus, okay, which is an easy example that we can relate. It may be best to present it in PDF form, but doing that requires a more cumbersome consent mechanism. And it also, by the way, since I get ahead of myself. So, it may not be that those two best practices are consistent with each other, and you may choose to sacrifice the substantive disclosure quality in order to accomplish compliance with the consent requirement. And by the way, it may cost you more, too. One of the things that some of my clients have pointed out to me is hey, we want to put this prospectus in PDF, because that really doesn't cost anything, but if we have to go to the printers, the financial printers and have all of our hard paper prospectuses, which after all do have to be in the real world, not everybody does business electronically, so you do have to have a hard copy prospectus and annual reports and everything else for the most part, have them put in HTML and they are going to charge us so many dollars per page, and so many is no small matter and neither are the number of pages. So, it turns out that it's more expensive, but it may be something that's necessary in order to assure compliance with the rules. So, best practice is a relative thing. It depends on what you're providing, and it depends on what rule you're trying to comply with. MS. HARRINGTON: Thank you, Bob. Gail, and then Jeff, did you want -- okay, Gail and Jeff. MS. HILLEBRAND: I would like to comment on some of the practices that have been identified throughout the day that are already in use that we consider to be among best practices, and then on some other practices. I heard over here, revision, keeping the old versions accessible for the customer, that's valuable and important because people are going to think of that website as their filing cabinet, if they got it there once, they're not going to think, gee, it won't be there next year. And I have had complaints from people who have said, I can't get the privacy policy that I signed up under because only the new one is up there and it's different from the old one, so that's been an existing issue already. Telling the consumer right on the bottom of the form, this is more important I think for the underlying contract even than for the electronic consent piece. Print this out. Print this and keep it. Reminding the customer in various places that that will be of value to them as a useful practice. We heard that somebody this morning said we checked to see if the account statements are being accessed, or we're working on the technology to check and see if they're being accessed. A useful practice there would be to kick that system back to paper, or supplemental paper, if the account statement is not opened, say, two times in a row, a periodic statement. So, maybe it's quarterly, maybe it's -- three times is what you do? MR. GALLAGHER: Yes. MS. HILLEBRAND: I like two. Because it suggests something is done wrong in the system, maybe access has been lost, maybe the customer is in the hospital, maybe for some other reason they have password fatigue and they have forgotten all the different passwords they set up in all the different places, and they're just not checking anymore. So that's useful. Default to paper may turn out to be a temporary, a three to five-year kind of solution as people adjust to these systems, but it will still be valuable for building confidence during that time. The comment about the marketing departments, I think, whether it's the marketing department or somewhere else, someone needs to pay attention to designing not only the consent document, but also the underlying contract terms and provisions, to be accessible to people, for the complexity of the length of those terms and conditions to be commensurate with the kind of transaction and to be designed to get your attention. And we lawyers haven't done the best job of that, so open the door and see what happens with the marketers. I would direct you to a paper that's in preparation now by the American Bar Association, a section on cyberspace law and a section on business law. They have a task force, I think it's Task Force on Consumer Issues. And they've got a set of best practices. It's designed for business lawyers to tell their clients here's the way to have your click-through contracts stand up in court. But many of the practices that they recommend are practices that also will be beneficial to consumers. For example, not just having the I agree box with a hot link or hyperlink over to the text, but having the text show up before the customer clicks I agree. And that I think is scheduled for publication in The Business Lawyer in the next issue for comment, it's not a final document. Some other things we need to do, we all will benefit from, together, we need a system for email forwarding, for those people who would like to have their email forwarded. Not everyone wants that. Sometimes you close your account because you can't get off the junk mail list. You really don't want that stuff to be forwarded to you. But there probably would be a need for something like the DMA service, only it's please send me this material instead of please stop sending me this material. Or maybe we need both actually. There is a need to look at commercially available junk mail filters and whether they're going to filter out notices that consumers need to get. I think one of the problems in this area is that if the notice is your credit card didn't go through on Amazon, your books won't be shipped. Chances are if the books don't show up in the mail, I'm going to go online and try to find out what happened. And that part is going to work. It's the notice that comes a year later, and maybe it will say please use your product that you bought last year in this fashion notice. Maybe it's a warranty claim, maybe it's a secret warranty, no offer to replace, it's not quite a recall, it doesn't fall under the ESIGN paper exemption, but it's information that the customer not only needs, but is not expecting. And for those, the stale email address is going to be a real problem, because consumers are not going to get that information, and ESIGN does place a burden on consumers to notify everyone to whom they have given their addresses or legally-required notices. I assume Congress put the burden there because industry didn't want it and that was a choice they made, but we all need to recognize it's not going to work. We're not -- I don't think anyone in this room today could come up with all the places where they've already given their email, if we had to go out and notify all those people. You notify the post office once, there's no similar system here for notifying or for keeping them up to date. There's been news recently about disappearing email, and I would suggest that your report might urge companies not to use disappearing email for legally required notices, because we do regard our computers as our filing cabinets and we won't always print them, and if it disappears, some of us are going to be very surprised. And finally there's a real need for the description that is outside -- the plain language description, which is outside the click-through, to describe what's really in there. And I want to give you an example of what happened to me on Saturday. I went to a very reputable, well, highly regulated well-run company site, mutual fund site, and saw that in order to access my own information, in a personalized way and see those little pie charts and so forth, I had to click through the consent, and that may -- the consent to the website terms, and that made perfect sense to me, I was willing to do that. But I though I would print them out and have a look at them first. So, first I had to switch to another computer because our DSL fiasco has resulted in only one working printer in our house that's connected to the Internet, and this does happen, people are sometimes online and then they're not, or they're partially online and then they're no. And I was very surprised to find that the terms and conditions for use of the website, for accessing my information on the website also consented to receiving all my statements electronically. Now, the information that surrounded the I agree button did not say ESIGN consent, did not say get your statements electronically, didn't even say save trees, cut down your mail. It just said, do you want to use our website service, and I would suspect many consumers would click I agree without knowing that they were also agreeing to receive these important statements electronically. So, there's plenty of work to do. All I know is they're out there doing it, because I sent them an email saying does this really mean what it seems to mean, and they said yes, but your employer has an arrangement with us for 401k, we have to send you paper, so it doesn't apply to you. Suggesting that they think they'll apply to other folks. MR. WITTE: But you weren't the consumer? MS. HILLEBRAND: I sure felt like the consumer. MR. WITTE: You felt like the consumer, but they didn't -- you know. MS. HARRINGTON: Okay, we just have about ten minutes until we're going into the public portion. Jeff? MR. WOOD: Thank you. I found it very helpful today to listen to everyone's comments, and I just wanted to say that everyone has been very forthcoming, and these ideas particularly in this session have been very good. It occurred to me that some of the best practices do go to what Margot shared earlier with a list of concerns when comparing the e-commerce world with the print world, you know, with a list of benefits and not burdens, but disadvantages, and I kind of went through and I was thinking, you know, the e-commerce world has many benefits when taken with the best practices, offset most, if not all, of those concerns. The e-commerce world can provide tremendous service with the customers, it can be instantaneous, versus if you, for example, companies do business by phone, like we do, in many cases, you have to wait three or four days for the document to get there in the mail before you can sign up and get your check or get your amount or whatever, whereas on the Internet it can be instantaneous. That's a tremendous value to customers. The document can be retained permanently versus, you know, the document that's printed is, you know, at risk of loss in a hurricane, or not really -- I'm not really that concerned about natural disaster in my house, it's the not knowing where everything is because I have so much paper, like any other lawyer, you tend to keep paper. I refinanced my mortgage recently and I needed to find a copy of the previous mortgage and I just plumb couldn't find it. Now, had I had an e-documentation of my earlier transaction, I could have theoretically, had there been a best practice, I could have gone to the mortgage company and said I would like a copy of my mortgage, they could have emailed it to me within ten seconds, then I could have sent it on and I would have been done. So, I would propose as a best practice, that kind of very safe retention practices, you know, is a concern, and I totally agree with Margot about alteration of the documents. I think that the technology is there so that documents are not altered and so that they're retained for an appropriate period of time, whatever that is for the transaction or the document. That really is better than paper, which not only can be lost or destroyed or stolen, but it also can be altered, and, you know, we've had cases where documents have been altered, where, you know, a variety of different documents have been altered. The other benefit is that electronic transactions really contain the promise of eliminating ID theft, and we're not there today, necessarily, but we will be, and that's really critical that, you know, that I can know that my digital signature will never be used by someone else, unless I give it to them. And of course I share the concern with the spouse who is going to divorce you the next day or the child of the elderly woman and so forth, that's an issue, and I think that's going to be there. It's there in the print world, they're in the e-commerce world. Also, there's the possibility that you will never have to change your email address. If I move across country, I can keep the same ISP provider and have the same email address, so that my company that I do business with don't have to change their records, I don't have to notify them. You know, we're concerned about the stale email address, but there's a benefit there, if you just flip that around, there's a technological possibility that I could from now until death have the very same email address. So, that's a tremendous benefit. I wanted to note one thing that no one mentioned, keeping the link to the document on the website for a period of time, the Federal Reserve in its proposal mandated a 90-day proposal. I would suggest that that certainly in that case, you know, that's fine. It would be okay, certainly. I think that this should be a market oriented approach. I think the major problem with electronic documents that Margot listed that everyone is going to have to struggle with is that not everyone has access, and there is typically a charge for access. And, you know, this is the kind of what the country has based, you know, whenever there's been a major technological change. When the cars were invented, not everybody had cars, a lot of people had horses and buggies, and there were probably people who were saying, you know, horses and buggies have these really clear benefits that, you know, cars don't have. And I know that was the case. You know, but then Henry Ford developed an economical car. So, what we need is a Model T for computers, it's getting there, and I think that if it was 45 percent now, it was 10 percent a few years ago, it will be 80 percent a few years from now. MS. HARRINGTON: Thank you, Jeff. We're going to hear from Mark and Virginia and then we're going to move right into the public participation part of the day. Mark? MR. BOHANNON: Thanks. Let me again point out that as probably the one industry representative here who has not exclusively devoted his life to financial services in this context, that because ESIGN may affect other areas, I want to reiterate that I've heard, I think, a really excellent discussion among the consumer advocates and among the business representatives about a variety of very useful best practices. As I've listened to them, and I could add many more, that come out of the quality movement, and other areas in terms of putting customer first as a priority, I want to, I think, come back to -- I haven't heard yet any best practice suggestions about (C)(ii) provisional and regional demonstration. And so I think that, again, I think you've done an excellent job of discussing what really are good business practices generally, about dealing with a user or consumer, I want to go back to that, because as I was thinking through this session and looking at that and having participated in a variety of best practice development efforts in a variety of sectors, where best practices depend on knowing what your goal is, building consensus around it, having experience from which to draw best practices, so that you're not creating artificial efforts at trying to achieve the goal. I think we have to keep in mind that there is still both legal uncertainty about what reasonable demonstration means, and that is being communicated on all sides today, that we're still at a very preliminary level of seeing this implemented. And I'll use my own personal experience. I've actually started asking many of the folks who have to give me notices to give them to me online. My first realization was that few of them are prepared to do so. I'll be quite honest with you, I think we're still at a very nascent stage of having those who have to give notices do it online. I think there's still a time to market question. The second is for those who are sending them to me, I am noticing that I am more empowered as a consumer. And I want to be very clear about this, because I, you know, although my eyesight is getting worse as I get older, and I haven't gotten bifocals yet, I'm finding that when I get the notices electronically, I can then use search features that are provided to me in the operating systems and the personal productivity applications, whether it be in Word, WordPerfect, Lotus Notes, HTML, PDF, I can actually search for whether I'm subject to an arbitration clause, which is an example that came up here later. Whereas when I was reading it in the paper form, I had a lot of trouble trying to discern what it was. And so I think that one of the things that the FTC could do is encourage NGOs and others to educate consumers on how to use the tools that come with the Internet, to make yourself more informed of the notices that you're required to get by law. I use that only as an example. And I think that one of the issues around best practices is that -- and I go back to the issue of consensus and understanding the real world is, best practice is ultimately in these particular contexts come up against a variety of goals. And, for example, in the privacy area, where we've done a lot of work with our industry members, we have privacy policies going back to 1995, working with them on meeting USEU safe harbor provisions, as well as existing FTC concerns. We don't believe it's a best practice to tie your privacy policy to other disclosures, because we're finding from our customer members, customer research, is that privacy is not such a high profile issue, that if you bury it with something else, you are not really meeting the customer demand. So, I caution as we try to come to grips of what our best practice is, in the context of (C)(ii), that there are a variety of demands here for those who are trying to meet customer needs, legal requirements, keep customers coming back to you that affect some of these things. And that's even before I get to how I even begin to discuss what are best practices in meeting (C)(1) about helping people explain what software and hardware requirements are. That's a whole other discussion. So, I leave that with you as someone who is not just an exclusively financial services representative here. MS. HARRINGTON: Thank you, Mark. Virginia, you are going to have a very quick last word here before we begin the public participation. MS. GOBATS: Okay. I was eliminating from my list best practices that got mentioned around her, but one, I think we're not talking enough about the education of the investor before they get to the consent point. That maybe we ought to do the demo I had upstairs, we have to do more like that showing people what will happen. You do this, then we do this, then this happens to you. You make that choice and you get the delivery. So, we do more of that on the website, even, saying here's what the process looks like. And then the idea of many of our clients use trial periods, so they make available the electronic delivery and say we will turn this off in three months. You will get a chance to consent to them turning the paper off, three months from now we will send you a reminder. So, that helps people because they're changing their habits, it's a behavioral change that's going on, and you want to make sure that they're going to be comfortable in it. Then I just wanted to cheer for HTML for a moment, because we have some beautiful HTML screens out there, done by me, I'm not even a techy, nice bolding, point sizes, varied all over the place, everything, symbols, so HTML is not so ugly, and XML allows you to jump from place to place, which is good. The other thing is, nobody has mentioned, I don't think, the fact that most of the firms are downloading the software you need to be able to display the document. So, everybody I know is downloading Adobe Acrobat if they have PDF files. So, that's the best practice that I think everybody is following. And then the last is help, getting a lot of help. For example, the best practice that Fidelity has is giving you help on the phone with going through with the process itself. If you make a mistake, you don't really know how to go through the consent process, trust me, call those customer service people, they are wonderful. I've done it three times and I keep thinking that I didn't do it right. MR. GALLAGHER: Thank you for that. MS. GOBATS: Right. One last thing is that there's something looming out there and that is the threat in some cases of aggregators, and the aggregators who are out there offering your clients or all of our clients a view of their entire portfolio and all of their relationships, really present a threat of our customers losing their direct relationship with us, and not even looking at our statements, electronic or otherwise. So, it will help us to move forward with the electronic delivery and establish that relationship now to get people to tell us more about what they want in their products and services, in the products and services that we deliver. MS. HARRINGTON: Thank you. I was just whispering here with my colleagues that perhaps what we and the NTIA folks ought to do outside of the context of this assignment, completely, in fact months and months after we're done with this report, is to insight people to come in for sort of a best practices fest after we have some real experience that Mark, I think, so clearly explains is really necessary to develop an understanding of what best practices might be. So, maybe we'll do that, you know, I can't think of any better place than Washington in oh, January, for all of you to come back and visit, but I think we will talk about that with our colleagues at NTIA and do something like that in a time when we're done the road a little further, and that may be something that we say in our report that we're going to do. Okay, Eric, have you received any cards from anyone? Well, here was the process for people who wanted to participate, we asked you to fill out little cards letting us know that you wanted to participate during this last portion of the day, and none of you have, although some of you used the cards to send questions up, but we will not stand on formality. Is there anyone who has been patiently sitting through this entire discussion today who would like to ask questions or address questions that have been discussed? Anyone? Susan? Go to the microphone, please. And identify yourself and your affiliation for our reporter, if you will. MS. GRANT: Is this working? Sorry I didn't use my card. I just want to say -- MS. HARRINGTON: Could you identify yourself. MS. GRANT: I'm sorry, Susan Grant, National Consumers League. I just want to say how encouraged I am by this conversation today, and I think that the report to Congress should be so far so good. It looks like things are working well so far from what little we know in the short time that the law has been in effect. I do think that this should be given longer before any recommendations are made for changes, and I especially want to put in a plug for the requirement for consent to be made in a way that demonstrates the consumer's ability to get the information electronically. That's a very, very important provision, and I haven't really heard anything so far today that makes me think that it's overly burdensome. If it means that in some cases fewer consumers are agreeing to get information that way, that's not necessarily a bad thing at this point. It may mean that people are making decisions less impulsively, that they are considering further whether they want to get information this way or whether they would prefer to get it by paper or some other means, and so to the extent that it gives consumers time to deliberate and make a better informed decision, that's not necessarily a bad thing. And finally I want to say that I think that this just opens up tremendous opportunities, as several of the speakers have alluded to, to do an even better job than has been done before in giving information to consumers in a way that's timely, and that is going to catch their attention in a way that they'll actually read and understand, and anything that we can do at the National Consumers League or any other consumer advocacy groups to help business with that, we would be very happy to talk to you. Thanks. MS. HARRINGTON: Thank you, Susan. There's someone in the last row with a hand up there. Would you give us your name and your affiliation, if any. MR. LEDIG: Bob Ledig with Fried Frank here in D.C. Three quick questions. Number one, does anyone on the panel believe that subsection C applies to transactions that do not trigger a required disclosure; in other words, simply a consumer business agreement online? Does anyone on the panel think that that is subject to section C? Number two, GLBA privacy kicks in July 1. The statute says that you can give notices through a writing, electronically or as an agency decides. Does anyone have any view as to since there's no specific writing requirement there, whether the consent provision applies. And third, the Federal Reserve Board in the interim order that just came out clearly is in favor of having email notices tell people to go visit a site or to give a -- some sort of a -- you know, to go visit the website to see information. Do people on the panel believe that that requires a demonstration that you can also read the email as well as the demonstration you can read HTML on the site? And I'm sorry I strung those all together. MS. HARRINGTON: Well, I think the answer to the first question is no. The answer to the second question is I don't know, and I don't know whether the people who are working here at the FTC on Graham-Leach-Bliley are working on something, whether the other agencies that have to provide guidance are, I just don't know, but I'm sure that as we get closer to July 1st, all of the agencies that have responsibility will be putting out more information, and so I would urge you to watch their websites. And I was really busy thinking about your second question, so I don't -- anybody want to say anything about the third? I don't remember what it was, actually. MR. WOOD: Regarding Graham-Leach-Bliley last May, in May of 2000, the banking agencies and the FTC all issued a rules that were substantially similar. MS. HARRINGTON: Right. MR. WOOD: That are now in the process, most people have begun receiving disclosures from companies. Financial services companies. MS. HARRINGTON: Right, but I think that there was a specific question about guidance for -- MR. LEDIG: The question is ESIGN is triggered by a requirement to get something in writing, the statute here gives three alternatives, only one of which is a writing. While the GLBA regs talk about getting consumer consent, they appear to basically just require a click-through on a website, as compared to the whole consent provision, including a demonstration provision. That's the point I was referring to. And the third point, question is if you interact with somebody and you say I'm going to email you to let you know the information is on the website and there's nothing in the email, other than letting you know go to the website, do you have to drive someone outside of the website and see that they can read email and demonstrate that? In other words, is that part of the disclosure process? MS. HARRINGTON: That's a reasonable demonstration question, and I really am not in a position to answer that sitting here. Or to give you my two cents worth. Anyone on the panel want to? MR. WITTE: Well, the whole issue of whether or not something is required to be in writing when there's an electronic alternative provided online is really a very interesting one, and it's not terribly clear. It's one of those things that is distinctly unclear and is particularly exquisite in the context of the privacy rules, because as Bob and I were talking about at the break, the regulations add another twist to what the statute provides, and there's, I think, a fair amount of misunderstanding as to what the privacy rules, both regulation SP and D and ABC, whatever they are, provide the need for consent in the context of electronic delivery of privacy notices. I think it's something that's really got to be worked out and understood. But it's really one of the great ambiguities which we could spend a whole other session on. MS. HARRINGTON: Right, and it's quite a ways beyond the task that we're about here today, but I'll -- Margot, you had your tent up, did you want to say something and then we'll move on? MS. SAUNDERS: I just wanted to flag what was just flagged, which is that there is an underlying ambiguity about what records are actually covered by this, as we've already identified, does the underlying law have to specifically say in writing or is the underlying law allows electronic already, does that not mean that ESIGN consent disclosures would kick in, and I would argue that a reasonable reading, that a safe reading, certainly a best practice reading, is that the consumer consent provision should be applied to anything that -- any writing requirement that is supposed to be -- any requirement of a notice that's supposed to be provided to a consumer, whether the other law allowed it to be electronic or not. The purpose of the provision in ESIGN is to make sure the consumer can access it and why should we have a different rule because another law preceded ESIGN didn't think through all of these issues. MR. WITTE: But therein lies the reg, because the other rule set its own 17 requirements and then you have to decide whether you need to comply with 24. MS. HARRINGTON: Well, I think that everyone who has read the statute has spent hours, days and weeks on this particular issue, perhaps without reaching any resolution. Fortunately, our task here is not to reach any resolution or even have any discussion on that. So, someone else had a hand up back there. Yes? Thanks. MR. GREENWOOD: Daniel Greenwood, I'm here for the Commonwealth of Massachusetts today, and when we started listening, I think that the thought was this impacts state law, it's something we ought to know about, and through the course of the conversation, I started wondering whether this, in fact, could apply to governmental entities as well with respect to individuals that are doing some kind of transaction with the governmental entity as a consumer in some way, and I wondered if any panelists had any thought on that. A couple that just came to mind which I was testing against the statute were, you know, maybe some sort of financial aid with a public school, you've got something maybe like a tourist making a reservation online with a public campground, and there's a regulation that indicates that people who make reservations will get a notice confirming it, in paper, would be the understanding. EBT, electronic benefits transfer, welfare benefits, there's a lot of written notices there. Any thought to whether consumer subsumes citizen, or is consumer taken to be understood as a private interaction? MR. WITTE: Well, Dan, as you know, there is -- there is the notion that is pretty reasonably substantiated that purely governmental functions, but purely governmental affairs, aren't covered by the definition of transaction and therefore wouldn't be applied. On the other hand, to the extent that there is a commercial element, which I think is what you were trying to describe, or were describing, then pretty good question, and it would seem as though it would apply, if the government has also, by the way, imposed a writing delivery requirement on itself. MS. HARRINGTON: Lots of interesting questions arise under this statute. Again, we're really focused on the reasonable demonstration requirement of the consumer consent provision, and the costs and benefits associated with that. So, we'll have another -- we'll have a quest fest maybe later on on all the other reasonable questions that we could reasonably discuss. Anyone else? (No response.) MS. HARRINGTON: Well, I'm going to turn to I think to Wendy, on behalf of our colleagues at the Commerce Department for some closing remarks. MS. LADER: Thank you, I get the lucky task of tell you that the day has ended, and it's ended early, half an hour early. We want to thank you very much. MS. HARRINGTON: That's our strategy of not having air conditioning. MS. LADER: That's right. MS. HARRINGTON: Blame it on the Archives, but it's really, you know, so we can keep on schedule. MS. LADER: We want to thank all of the panelists who came here today for your fabulous insights on the ESIGN consumer consent provision, this has really advanced the discussion and it's going to significantly help us as we prepare to draft the report. What are our next steps? As you know, this report is due to Congress on June 30th, so we will be turning to that report drafting process very soon. You've also heard that we're going to keep the record open so you can file further comments, or for those you who haven't filed, please file initial comments if you're interested. Obviously the sooner you file those comments, the sooner we'll be able to read them and consider them. And follow up with you if we have any further questions. So, we hope that you will file those soon. Finally, I want to thank a number of people here. This workshop is the product of many good minds, and I want to thank at the FTC Eileen Harrington, Teresa Schwartz, Marianne Schwanke, April Major, Craig Tregillus, excuse me, Carole Danielson and Eric Laska, and at NTIA, I want to thank Sallianne Fortunato, Josephine Scarlett, Sandra Castelli, Michael Pazyniak and Tracy Marshall. There are probably a number of people who worked on this who I haven't mentioned and we thank you as well. And to those of you who stayed for the entire day, you are the true survivors, I think we need a new DOC/FTC survivor game and you have won. So, we owe you our greatest thanks and hope that you have found this day to be as informative as we have. Thank you very much. (Applause.) (Whereupon, at 4:36 p.m., the workshop was concluded.) |