acm - an acm publication

Articles

Electronic signatures and the new economy

Ubiquity, Volume 2000 Issue October, October 1 - October 31, 2000 | BY Daniel Uhlfelder 

|

Full citation in the ACM Digital Library


An introduction to the Electronic Signature in Global and National Commerce Act (E-Sign) recently passed by Congress.



Introduction

With a stroke of the Presidential pen and the swipe of a smart card, electronic signatures have attained parity with paper contracts in the United States. On June 30, President Clinton signed Senate Bill 761, titled the Electronic Signature in Global and National Commerce Act, or "E-Sign." The legislation, approved by the House and Senate by overwhelming margins, is seen as helping to pave the way for an era of e-commerce where companies can complete transactions online instead of on paper. The law went into effect on October 1.

President Clinton signed the bill using an encoded smart card on the grounds where the Declaration of Independence was signed with a quill pen in 1776. The site selected was a powerful symbol of how far and fast the American economy has traveled in nearly two and a quarter centuries. The President emphasized that the law has far-reaching positive ramifications for the new economy. "Under this landmark legislation, online contracts will now have the same legal force as equivalent paper contracts," Clinton said. He said companies could potentially save billions of dollars by sending and retaining monthly statements and other records in electronic form.

The History Behind E-Sign

During the past year, 18 states have enacted variations of the Uniform Electronic Transactions Act (UETA), and variations are pending in at least 12 other states. The E-Sign bill signed by the President is a variation of the wording drafted by the National Conference of Commissioners on Uniform State Laws and approved at its Annual Meeting in July 1999. The act is a body of legislation validating the use of electronic records and electronic signatures.

UETA was drafted to eliminate any doubt concerning the enforceability of electronic transactions, whether in the form of retail Internet trades, electronic credit transactions, electronic data interchange or e-mail usage. Approximately 46 states have enacted some form of legislation pertaining to the use of digital signatures. Most of the laws enacted fall into one of two categories: comprehensive regulatory guidelines or brief directives that simply authorize the use of electronic or digital signature technology.

In June 1999, the American Bar Association, in cooperation with the National Association of State Procurement Officials, National Institute of Governmental Purchasing and others redrafted the Model Procurement Code. Among the changes made was a revised definition of signature to permit the acceptance of an electronic signature that is consistent with individual states' electronic or digital signature acts.

What the E-Sign Act Does

The E-Sign Act signed by the President eliminates legal barriers to using electronic technology to sign contracts, to collect and store documents, and to send and receive notices and disclosures. The federal law, similar to laws already approved in dozens of states, requires that consumers consent affirmatively to conducting business online and receive consumer protections online that are equivalent to those they receive offline. The law also guarantees that government agencies have the authority to enforce the laws.

Under the legislation, no contract, signature or record can be denied legal effect solely because it is in electronic form.

The federal law defines electronic signature as an "electronic sound, symbol, or process, attached to or logically associated with a contract or other records and executed or adopted by a person with the intent to sign the record."

The Role of "Digital Signatures"

The E-Sign Act does not prescribe what type of electronic signature must be used but specifically allows users to utilize digital signatures as a form of electronic signatures.

Digital signatures identify and authenticate the originator of the information. They allow the receiver to ascertain the identity of the sender and to determine whether the message changed during transit. In addition, they permit verification that the information has remained unchanged after the sender signed the message and allow a user to securely identify himself or herself on the Internet.

A digital signature consists of an encrypted or mathematically scrambled document that appears as a string of characters appended to the message and serves to identify the sender and establish the integrity of the document. Only someone with the proper software can decode the signature.

Digital signatures are typically generated using a public key or an asymmetric cryptosystem. An asymmetric cryptosystem is based on the use of two software codes, or a "public-private" key pair. The "private" key is kept secret by its owner and used to encode the digital signature. The "public" key is made available to persons who need to decode the transmission. The public and private keys are mathematically related, but the relationship is so complicated that it is "computationally infeasible" to deduce one key solely from knowledge of the other key. The keys are such that the digital signature created by one key can only be decrypted by the other key. Public key infrastructure (PKI) provides the foundation for deploying, using and managing the encryption keys and digital certificates that enable digital signatures.

The new law clears the way for companies to use digital signatures in transactions, knowing that, in theory, a federal statute and many state statutes recognize it as a legally binding agreement. The key to the future of electronic or digital signatures will depend in large part upon three non-exclusive factors.

(1) Sender authentication (verification of the sender, typically through verification of a certificate identifying the sender)
(2) Message integrity (confirmation that the message or signature was properly received in the original format of the sender)
(3) Non-Repudiation (confirmation that the sender cannot deny the message or signature was sent)

Because of the rapidly expanding use of e-commerce on campus, the passage of the federal e-signature bill and the existence of numerous state laws in this area, it is crucial for businesspeople dealing in electronic contracts to become familiar with the laws in the states where they are contracting. In addition, businesspeople should understand how those laws interact with the new federal law.




Daniel W. Uhlfelder is the director of Business and Regulatory Affairs at HigherMarkets, where he is responsible for business development and running the legal department. He is also the editor of Law Watch and has worked in all branches of the federal government, including as staff aide and law clerk in White House.

COMMENTS

POST A COMMENT
Leave this field empty