Electronic Signatures in Global and National Commerce Act (2000)

Steven Puro

Congress enacted the Electronic Signatures in Global and National Commerce Act (P.L. 106-229; also known as E-SIGN) on June 30, 2000, and the law became effective on October 1, 2000. The main purpose of this statute is to give electronic signatures and documents a legal status equivalent to that of handwritten documents. This act enhances the possibilities of e-commerce, especially in legal transactions and the financial services industry. The act's purpose is "to facilitate the use of electronic records and signatures in interstate and foreign commerce by ensuring the validity and legal effect of contracts entered into electronically."

An electronic signature is information or data in electronic form connected to an electronic record. The person, or an electronic agent of the person, authorizes the signature as part of the intent to sign a contract, agreement, or record. Both consumers and businesses can now enter into contracts through electronic transactions. This law also allows transfer and use of electronic records and documents, and it grants legal status and legitimacy to these transactions, records, and documents. The electronic record-keeping provisions of this legislation became effective on March 1, 2001.

The key element of the act is presented in Title I:

(a) In General. Notwithstanding any statute, regulation, or other rule of law (other than this title and title II), with respect to any transaction in or affecting interstate or foreign commerce

(1) a signature, contract, or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form; and

(2) a contract relating to such transaction may not be denied legal effect, validity, or enforceability solely because an electronic signature or electronic record was used in its formation.

An important part of national government responsibility through the Federal Trade Commission and the U.S. Department of Commerce is to prevent fraud and deception in the operation of electronic transactions. Congress sought to protect consumers by requiring that they consent to receive electronic records. Prior to this law, many transactions, especially financial or credit matters, required consumers to receive such items as disclosures, statement of rights, obligations, or other notices in writing, and the law required the consumer to provide a written acceptance. This legislation allows this process to occur electronically.

A key question and an ongoing debate about this legislation centers on how to demonstrate consumer consent. The legislation addressed this concern and provides that the consumer must "consent(s) electronically or confirm(s) his or her consent electronically, in a manner that reasonably demonstrates that the consumer can access information that is the subject of the consent." For example, if a consumer has access only to Microsoft Word, the law would require businesses to format documents in that language. Another key issue is whether the federal legislation controls state consumer protection laws. In this legislation Congress protected state interests by allowing the federal law to be displaced by state action. States have the option of adopting either the Uniform Electronic Transactions Act (UETA) or another set of rules that effectively adhere to the electronic signatures legislation. The legislation takes into consideration that states could enact both the UETA and their own consumer protection provisions.

The societal importance of this legislation is that it legitimizes and expands the electronic marketplace. The law provides a basis for both consumers and business to ensure that electronic signatures and electronic records are valid legal documents with an assurance for the security of the signatures. The rapid extension of electronic resources combined with an accurate and acceptable form of electronic signatures allows for quick and effective operation of both global and national marketplaces. The Electronic Signatures in Global and National Commerce Act encompasses legal standards to create economic decisions in a technological era.

The Uniform Electronic Transactions Act (UETA) is a law proposed by the National Conference of Commissioners on Uniform State Laws. Adopted by twenty states by mid-2003, UETA, like the federal Electronic Signatures Act, was designed to remove barriers to electronic trade by providing a set of legal principles to govern electronic signatures and records. Some states adopted the uniform version proposed by the conference, while others incorporated additional consumer protections. States were not required to adopt legislation on this topic and could rely on the Electronic Signatures Act alone to govern their electronic transactions.

Digital Signatures

A digital signature is an identifier that can be used to authenticate the sender of an electronic message (e-mail) or the signer of an electronic document. This technology can also be used to ensure the integrity of the message or document (that no alterations have been made since it was signed) as well as to date/time-stamp the document at signing. Finally, the signatory cannot easily repudiate or refuse to acknowledge his digital signature, nor can the document be easily forged.

Due to these criteria, a digital signature can be trusted and used like a written signature. On October 1, 2000, the Electronic Signatures in Global and National Commerce Act (known as the E-Signature Act) became effective in the United States. This act basically states that a signature cannot be denied simply because it is electronic, and an electronic signature must be considered as legally valid as a written signature. Not all electronic signatures, however, are digital signatures, so it is worth noting the following electronic signature examples that are not digital signatures:

  • a biometric identifier;
  • a written signature on a document that has been scanned into an electronic file; or
  • a signature on a document that has been faxed (transmitted by facsimile).

So what is a digital signature? A digital signature uses cryptographic technology to create an electronic identifier, but it can be used with any message, whether the message is encrypted or not. Thus, digital signatures can accompany an unencrypted or an encrypted message. For example, the Computer Emergency Response Team (CERT) broadcasts messages of computer vulnerabilities in clear text (unencrypted) to everyone on its mailing list. To allow its recipients to verify that these messages come from the CERT and are not spoofed (counterfeited into looking like messages from CERT) or modified in transit, the CERT signs all of its messages with its digital signature. Yet a government employee protecting classified information or a company employee protecting trade secrets would not only digitally sign his document but would encrypt the base message as well.

Many different software packages can be used to create a digital signature, from freeware to PC-based, shrink-wrapped software to large server-based systems, also known as public key infrastructures (PKIs). The process for sending a digitally signed unencrypted message is the same regardless of the package used, as follows. A user creates a digital signature with a private key that he keeps to himself. He then attaches this signature to a document and sends it to others. His private key is mathematically linked to a public key that he posts on a public key server. He then tells the recipient(s) where his public key is stored. The recipient can then retrieve the sender's public key and reverse the process to determine the authenticity of the document.

The process for sending a digitally signed encrypted message is similar. In this case, the sender must retrieve the recipient's public key from a public key server. She then uses it to encrypt the message and send it to the recipient. The recipient then uses her own private key to decrypt the document, and the sender can be sure that only the recipient can read it.

Although there are many advantages to using digital signatures, several problems also exist:

  • Anyone can create a public/private key pair and contact the recipient, claiming to be the sender. Without knowing the sender by voice or another method, there is no way to guarantee that the owner of the key is indeed the person sending the document.
  • If someone other than the owner of the computer has had physical or logical access to the computer that houses the encryption software, malicious code could be inserted into this software to enable other actions, such as collecting the owner's private key and mailing it to the author of the code.
  • A computer may legitimately have a person's digital signature resident on it, but if that computer is stolen or used by another and the private key guessed, then a document created on that computer may not have been "signed" by the digital signature's owner.

In other words, the integrity of a digital signature can be compromised if someone gains improper access to the computer that runs the encryption software.
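
The sign-and-verify process and the first problem in the list above (anyone can publish a key pair under the sender's name), as an added example that is not part of the original article. It uses textbook RSA without padding over toy keys in place of a real signature scheme; the function names, keys, message and fingerprint format are assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent

def make_keypair(p, q):
    """Textbook RSA key pair (public, private) built from two primes."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    n, d = private
    return pow(digest(message, n), d, n)  # needs the private key

def verify(message, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(message, n)  # "reverse the process"

def fingerprint(public):
    """Short hash of a public key, easy to read out over the phone."""
    return hashlib.sha256(repr(public).encode()).hexdigest()[:16]

def accept(message, signature, claimed_key, trusted_fingerprint):
    """Recipient check: is this the sender's key, and does the signature match?"""
    if fingerprint(claimed_key) != trusted_fingerprint:
        return "untrusted key"
    if not verify(message, signature, claimed_key):
        return "bad signature"
    return "ok"

# Constructed toy keys from well-known Mersenne primes: trivially factorable, demo only.
SENDER_PUB, SENDER_PRIV = make_keypair(2**607 - 1, 2**127 - 1)
IMPOSTOR_PUB, IMPOSTOR_PRIV = make_keypair(2**521 - 1, 2**89 - 1)

def demo():
    msg = b"Advisory: install the vendor patch"  # constructed sample message
    trusted = fingerprint(SENDER_PUB)  # assumed confirmed by voice or in person
    sig = sign(msg, SENDER_PRIV)
    forged = sign(msg, IMPOSTOR_PRIV)
    return {
        "genuine": accept(msg, sig, SENDER_PUB, trusted),
        "altered in transit": accept(msg + b" NOW", sig, SENDER_PUB, trusted),
        # Valid under the impostor's own key; only the fingerprint check stops it.
        "impostor key valid by itself": verify(msg, forged, IMPOSTOR_PUB),
        "impostor": accept(msg, forged, IMPOSTOR_PUB, trusted),
    }

if __name__ == "__main__":
    print(demo())
```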

Regardless of the problems, digital signatures have great potential. However, for electronic business to reach its full potential, the end user must feel secure in either signing or receiving a document electronically. Digital signature technology has the potential to create that level of trust.

Cindy Smith

