
Things to Know

E-Sign Bill

Introduction to E-SIGN and Electronic Signature Law
On October 1, 2000, the Electronic Signatures in Global and National Commerce (E-SIGN) Act became federal law in the United States. Section 101 of E-SIGN provides that "with respect to any transaction in or affecting interstate or foreign commerce" a signature may not be denied legal effect "solely because it is in electronic form." Thus, E-SIGN creates a level playing field for electronic signatures vis-à-vis signatures on paper documents. In the interest of facilitating interstate commerce, Congress passed E-SIGN so that states cannot place requirements on, refuse to recognize, or deny the legal effect of an electronic signature merely because the signature did not fit or follow a prescribed technological process. In this respect, E-SIGN is technology neutral. E-SIGN does, however, contain several variations and exceptions to this general rule.

E-SIGN reflects the culmination of work by several organizations to develop standards for the acceptance of electronic signatures in e-commerce. Among the sources and groups that helped shape the provisions of E-SIGN were the United Nations Commission on International Trade Law (UNCITRAL), the Directive of the European Parliament on a Community Framework for Electronic Signatures (the EU Directive) and the Uniform Electronic Transactions Act (UETA) as approved by the National Conference of Commissioners on Uniform State Laws (NCCUSL). E-SIGN, UETA and the EU Directive are based on Sections 5 and 7 of the UNCITRAL Model Law on Electronic Commerce, which proposed that an electronic signature "not be denied legal effect, validity or enforceability solely on the grounds that it is in the form of a data message." (See e.g., EU Directive, Art. 5, § 2). Nearly every state in the United States also has some form of electronic signature law on its books, and 23 have adopted UETA, which contains many of the same provisions as E-SIGN.

Such legislation has traditionally been drafted to permit a broad range of "electronic signatures" (often defined as "an electronic sound, symbol or process attached to a record by a person with the intent to sign the record") to satisfy the requirements of a legal signature. Many jurisdictions, however, have recognized the additional benefits that public-key-cryptography-based electronic signatures ("digital signatures") bring to electronic commerce. A digital signature is a type of electronic signature. The features of public-key technology have led many law and policy experts to conclude that, when properly implemented, PKI-based digital signatures provide greater assurance of a document's authenticity and integrity than other forms of electronic signatures. PKI technology provides proof of message integrity and, through verification of the signature by a trusted third party like IdenTrust|DST, it provides the level of signer authentication necessary for e-commerce.

E-SIGN Preemption
Electronic signature laws vary from jurisdiction to jurisdiction. An issue described as problematic because of ambiguous language found in E-SIGN is the extent to which E-SIGN preempts or supplants state law. Specifically, Section 102(a)(2) of E-SIGN provides that a state law may specify alternative procedures or requirements that are consistent with E-SIGN so long as those alternatives do not give greater legal effect to electronic signatures created using a particular technology.

By way of background, early in 1995 the State of Utah was at the forefront as the first jurisdiction to adopt a digital signature law. The Utah statute specifically addressed a PKI implementation of electronic signatures, because it spoke in terms of "asymmetric cryptosystems," "public keys," "private keys" and "digital certificates." (See IdenTrust|DST's Digital Signatures and Public Key Infrastructure (PKI) 101 for an explanation of these terms.) The Utah law also contained a presumption that a digital signature (backed by a valid digital certificate issued by a licensed Certification Authority) was affixed by the subscriber listed in the certificate with the intention of signing the message.

Between 1995 and the adoption of E-SIGN, several states including Washington, Illinois and Minnesota followed suit with similar laws. (It is important to note that even with the presumption that these statutes have provided, the unwitnessed creation of a digital signature has remained open to denial by the alleged signer, i.e., there is no irrebuttable presumption. A party attempting to repudiate the digitally signed document could introduce evidence that the digital signature was created either under duress or without the person's knowledge.) Still, during the debate over passage of E-SIGN there was concern that digital signature technology should stand on its own merits and not be given an advantage over other technologies through presumptions built into the law.

In addition, concern was expressed that some laws improperly placed a burden on consumers to disprove their signature instead of requiring the relying party to prove the authenticity of the signature. Thus, as a general rule, Congress preempted such laws to the extent they accord a greater legal status to the implementation of a specific technology such as PKI.

Exceptions to E-SIGN Preemption

Preferences for implementation of PKI still exist, as discussed below, in the following contexts:

- State and Federal Governments
- UETA and the EU Directive
- Other Electronic Signature Laws

State and Federal Governments as Market Participants and Regulators

As a specific exception to the technology-neutral provisions of Section 102(a)(2), state and federal governments may mandate the use of a particular technology in connection with procurement. See § 102(b) of E-SIGN. Also, under Section 104, a state or federal regulatory agency can interpret E-SIGN and specify standards to carry out the agency's statutory directives. While an agency may not require the use of a particular type of hardware or software, it can specify a performance standard or technical specification to address issues such as security, record integrity, signer authentication and interoperability. Section 104(b)(3)(A) of E-SIGN allows state and federal agencies to require, or accord greater legal status or effect to, a particular technology if it first finds that 1) the requirement serves an important government objective and 2) the implementation of that technology is substantially related to achieving that objective.