Information Security News mailing list archives
E-Signature Act implemented Oct 1st
From: Marjorie Simmons <lawyer () USIT NET>
Date: Thu, 28 Sep 2000 09:54:38 -0400
[I'm observing new state laws related to this being drafted to provide stricter penalty provisions for forgery than for traditional forgery. Obviously, e-signature forgeries accomplished concomitantly with cracking will be a focus activity for state prosecutors. In a civil suit, it will help companies avoid a comparative negligence loss to have the databases storing the entries from their access-security logs cross-referenced with their logs of signature verifications, and to routinely run a reference-checking algorithm against the assembled data. -- Marjorie] http://www.law.com/cgi-bin/nwlink.cgi?ACG=ZZZRG8CA6DC E-SIGN: A Nudge, Not a Revolution Oct. 1 is big day for E-signature implementation, but states, business have work to do Mark Ballard The National Law Journal September 19, 2000 When president Clinton signed the E-Signature Act into law on June 30, an insurance lobbyist called it "the single most important piece of technology legislation." And everyone pretty much agreed. Not since notarized written signatures replaced wax and signet rings has history seen such a fundamental change in contract law, they said. For the first time, beginning on Oct. 1, digital executions, known as e-signatures, will be accepted as legally binding. But despite the historic nature of the act, the sea change, initially, will be slow. "It's not so much a change-the-state-of-the-world law as it is a statement" that the government approves of the paperless way of doing business, says Gary L. Kaplan, a partner at Pittsburgh's Reed Smith Shaw & McClay. "It's a statement that lends confidence to the business community. But there's still a lot that needs to be worked out in real-world application before we'll see the real effect of the E-Signature Act." The Electronic Signatures in Global and National Commerce Act (E-SIGN) was aimed at bringing the legal community in line with the galloping pace of business-transaction technology and aimed at fostering uniformity among states that have weighed in on the electronic authentication of contracts. The law is a broad and general statement that contracts cannot be invalidated simply because they are in a digital form. The law is designed to pressure states to pass the uniform legislation enabling its citizens to use e-signatures. Some states have already done so. But E-SIGN addresses neither contract enforcement nor the safeguards that seemed almost automatic in the old pen-and-ink days. Even though transactions will be paperless, companies nevertheless still must provide an adequate trail of records for regulators and auditors. Therefore, businesses must develop systems and procedures which prove that records have not been tampered with, that the signatures are accurate, and that all parties know that all the other parties had approved the agreement. "The short message to clients is that E-SIGN doesn't end the analysis, the need for diligence for developing effective procedures," says Kaplan. "Businesses still have a significant responsibility to get their ducks in a row." Larry Zanger heads the information technology and electronic commerce law department at Chicago's McBride, Baker & Coles. Zanger also sees a year or so shake-out before e-signatures become everyday things. "Until the issues are worked out, I don't think there's going to be a great hue and cry to implement e-signatures on the consumer level," Zanger says. "There's still an awful lot of gray out there." LACK OF HARMONY One major problem was the reason for E-SIGN in the first place, and that was the lack of harmonization between the laws being passed by states. In July 1999, the National Conference of Commissioners on Model State Laws, meeting in Denver, recommended a model statute called the Uniform Electronic Transactions Act. As its name implies, the act is designed to standardize various laws across state lines so that business can make its contracts and ordering procedures more uniform to take advantage of the Internet. Problems arose almost immediately as states passed their own laws. Several states, including California, attached so many exemptions that the nationwide uniformity being sought was undermined. Twenty-two states already have passed some form of electronic- transaction laws, and another 24 have addressed e-commerce contracts in some way. Several other states passed statutes that allow for e-signatures, but, like Utah, mandated how the e-signature would be used and verified. In those states, an industry has developed to provide that technology. But E-SIGN will immediately supersede laws in several states -- such as California, because it allowed too many exemptions, and Utah, because it specified the technology to be used for electronic signatures. Thus, E-SIGN has created enough trouble, says Zanger, that it's not a far reach to suspect that some state may challenge the constitutionality of a federal law that, in effect, imposes the federal will on the traditional state prerogatives to set standards and interpret contract law locally. But Edward J. Finn, the general counsel of New America Network Inc. and NAI Direct Inc., related New Jersey-based international networks of real estate brokers, says that effective uniform rules and regulations are imperative for e-commerce to flourish. "From my point of view, from working in a number of different states involved in transactions that are intrinsically local but may involve buyers and sellers in a number of separate jurisdictions, the development of a standard can only facilitate business," Finn says. While he says that E-SIGN leaves many questions open, "it does provide a clear signal to the states that the federal government supports some sort of means to level the standards." He adds, "I would advise a client to get involved in state-level movements towards enacting the unifying legislation. But, frankly, I don't see an immediate groundswell among the service providers." A WAITING GAME David Peyton, director of technology policy for the National Association of Manufacturers, a Washington, D.C.-based trade association and lobbying group, agrees that it will take time. "It'll take the states several years before they enact the legislation. In the meantime, the federal legislation will act as a bridge," he says, adding that the new law memorializes what businesses already have been doing among themselves. For instance, in the mid-1980s, the big automakers announced that they would only do business with suppliers that followed Electronic Data Interchange guidelines. About 150,000 companies adopted the guidelines. But far more firms found the standard too expensive or complex and opted out of competing for the business. Now, as a direct result of E-SIGN, Peyton says, the Big Three automakers organized a company to handle the purchasing of parts and supplies on the Internet. Ford Motor Co., General Motors Corp., and DaimlerChrysler A.G. control the new firm, called Covisint. Peyton says that Covisint opens the competition for the $200 billion yearly business to all sorts of companies, large and small, that chose not to be a part of the Electronic Data Interchange. Likewise, the National Association of Manufacturers released a survey on Aug. 8 that showed the top priority for 30 percent of America's businesses with more than 500 employees was to make most of its purchases on the Internet in order to reduce order processing and transaction costs. A major proponent of E-SIGN was the American Bankers Association, a Washington, D.C.-based trade and lobbying group. "Effective Oct. 1, you can say that you have a very broad provision in federal law that says that you can no longer deny the validity of a contract solely because it is in electronic form," says L.H. Wilson, associate general counsel for the association. "Beyond that? People are still trying to digest it and see the best way to proceed." - - - - - - - - Marjorie Simmons lawyer () usit net http://www.carpereslegalis.com ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- E-Signature Act implemented Oct 1st Marjorie Simmons (Sep 29)