Transcript of multi-jurisdiction conference call regarding digital and electronic signature statutes and regulations.I know there’s going to be some people trickling on soon at 9:00, but I think we can take care of some of the roll call right now. Also, here with the rest of the committee are Ken Allen from Utah, who has been very helpful on the legislation and regulation working group to get it to the point where we are and also Dale Juffernbruch, who has been here at the legislation working group since the beginning and also has been helpful. So thanks a lot Ken and Dale for getting us where we are.
From California, do we have anybody online yet?
Yes, this is Alfie Charles from the Secretary of State’s office and David Gray will be joining shortly.
Will Kay Caldwell be online?
We’re still waiting on Kay.
Okay, All right Alfie. Florida? I heard Jerry York I think.
Yeah, and Don Bell will be joining me shortly along with Bill Wyrough from Detroit Legislative Information Resources Committee.
Georgia, Do we have Mike Hale? Not Yet. Illinois, Greg Scott.
That’s correct and Mike Wile.
Iowa
Yes, Phil Stockbregen and Howard Hagan.
Great, I’m glad you could join us Iowa I know you weren’t in the last call and we’re happy to have you in this one. We’re interested in hearing what’s going on there.
Minnesota?
Katie Engler and Michael Norton and Irene McCormick
Massachusetts?
Ray Campbell
New Jersey?
Maureen Guard
New Mexico?
Thaddeus Baner
North Carolina?
Beth Barnes
Ohio?
Sean Dunn
Oregon?
Tom Rausch
Rhode Island?
Brian Kennedy
Hey Brian, Congratulations on the election.
Thanks Dan, I’m going to be looking forward to having you come down to Rhode Island to help me on this one.
We’re just a border away. Is Bart Cleland there?
I’m here.
Hi Bart, from Senator Ashcroft’s office, U.S. Senate. Harold Berman? Is Denmark on the line.
Yes, Denmark is here, Mads Anderson.
Anyone from Pennsylvania? Okay, I didn’t think so. And here in the room we’ve got Tom Smedinghoff, also Illinois; from Utah we’ve got Ken Allen; and for Virginia, Dale Juffernbruch. Did I miss anybody? Also from New Jersey we’ve got Charles Merrill, and from Washington in the room with us we’ve got Linda MacKintosh. Wait a second, who else do we have in the room from a state? Representing a state anybody else? From Canada we have Maureen Adamache. Have I missed anybody? Will anybody be interested in giving a report on legislative or regulatory innovations in another country that’s present here?
Can we back up a second, this is Jerry York in Florida, we’re still trying to reach Harold Berman in New York and Mike Hale in Georgia.
Jerry, Harold Berman is going to be representing is that the state department?
I believe so yes.
I think Harold is from the Department of Commerce but I’m not sure.
Okay. I just want to remind everyone this is going to have to be exactly one hour call, from Georgia until we get Mike Hale on the line we do have Robert Ball from Georgia. First of all I want to thank, very first of all is there anybody on line that has not been called? Is there anybody in the room that’s representing a state or other jurisdiction that’s not on the roll? I want to thank the state of Florida for very generously underwriting this conference call. The last conference call the State of Massachusetts was kind enough to pony up the money and we’re hoping to make this a regular event for the information security committee meeting and for the states and the hope is that we’ll be able to rotate the sponsorship for the calls to different states. And so I would just let all representatives know that we’ll be taking names off line. Also, I’d like to inform everybody that this call is being taped. We think we’ve made a culmination for it somehow to be recorded on line and what we’d like to do with that is then make a better transcription of the information and then we hope to make that available in some means possibly over the web site and or otherwise. We’re hoping perhaps to make it digitized and make it available as a screaming audio on the web, something like that. So we hope that this will be made available and I just wanted everyone to know in advance that it is being taped.
The way it’s going to go is first we’re going to very quickly go right down the list and get updates if there are any from the states? If there’s nothing new that’s happened in the state in the last three months since our last roundup then you can just pass, if there’s been any amendments in legislation, any new legislation that would be relevant that’s been filed, any draft legislation that’s pending , anything in the pipeline for regulation or legislation we’d like to know about that and what we’d like to do is basically update our matrix that we have online. I’ll give the URL for that very quickly, its: www.state.ma.us/itd/legal. So we’ll take whatever updates there are and modify the matrix. Let’s go down in order, in California is there anything of note to Update?
Yeah, we had a taskforce here that drafted some proposed regulations for Secretary of State Jones to review. The regulations are now on his desk to review he should be submitting his text to the office of administrative law which would be another six month process after this, but he should be making his decision in the next three weeks or so.
Okay, thank you. Florida?
We have recently completed a digital signature report that included a half a dozen legislative recommendations. We have submitted that report to the legislature and the recommendations for ? perhaps give them the e-mail site.
Is that you Jerry?
Yeah this is Jerry.
Jerry you faded out towards the end there. You apparently had a report with six recommendations.
Yes, with six recommendations and we do have a web site for the documents its: www.dos.state.fl.us then you tap on the left screen, you’ll see the digital signature page you tap in there and you can get a copy of our report and see what we’ve done.
Excellent. Would you mind if we link to that from the matrix page?
No, not at all.
Excellent. State of Georgia? Is Mike Hale online yet? Okay, why don’t we go with Robert Ball?
On January 17, Georgia introduced the Georgia electronic records and signatures act last year Georgia had introduced a Utah type statute that did not go very far in part because it was introduced very late in set. The new statute that’s being proposed is basically a minimalist approach that intends to enable electronic and digital signatures, create some study committees to try and facilitate the electronic signature and digital signature movement; and a bit of a wait and see approach as far as extensive legislation beyond that.
Okay, thank you. Anything from Illinois? We have Tom Smedinghoff is here also and I believe we’ve got Greg Scott or Mike Wile online.
This is Tom Smedinghoff. Generally Illinois is in the process of drafting legislation. We’ve decided not to introduce it in the current session in the Illinois general assembly. There is a new draft dated January 13 of 97 that is available on the attorney general’s web site for downloading and we’re continuing to work.
Thanks Tom. State of Iowa?
This is Howard Higgins speaking and we are just getting started. We have no legislation, I have to be chair of the Iowa bar association banking committee and we’ve just begun the investigation regarding duration of rules, regulations and/or legislation relating to digital signatures. The attorney general also will be involved but that is all being established. Thank all of you for allowing us to participate in this phone call.
We’re glad to have you, we’ll be watching with great interest what happens in Iowa. Minnesota?
This is Katie Engler, we have a state representative who has introduced a bill to adopt a Washington-type model and my understanding is that will be introduced shortly in our state senate as well.
Very good, is there a draft of that available anywhere?
Not that I’m aware, well it would be available under house file 56 on the Minnesota web page in the legislation area.
That was house file 56?
Correct.
Okay. Thank you. Massachusetts?
This is Ray Campbell. We’re working on a draft of a, I guess to use the person from Georgia’s term, a minimalist digital signature or actually electronic record and signatures act. It attempts to enable online commerce in electronic government by establishing the legal sufficiency of electronic records and signatures but does not have any regulatory component.
So that’s to suffice of the state or is it broader?
It applies to, in the current draft, it applies to all, any rule of law affecting the use of signatures or records.
And that’s in draft form now?
It’s in draft form. We’ve been chomping it around pretty extensively to the Massachusetts Bar Association and the Boston Bar Association taking comments on it and hopefully we’ll be introducing it or filing it with the legislature later on this spring.
Thank you. New Jersey?
Yes, this is Maureen Guard, I’m counsel to the New Jersey Law Revision Commission, which is a commission of the legislature. At the moment we do not have any legislation pending in New Jersey. There is one item noted on the web site but it’s extremely narrow and having only to do with medical records. What I’m in the process of doing is preparing a report to recommend to the commission for which I work that this particular commission get involved in at least making a report to the legislature with respect to the advisability of legislation in this area.
Okay. So there’ll be a report, is there a timeline for when that report might be available?
Well, first the project itself has to be approved by the commission and hopefully that will occur at the next meeting in February, at least I’m hoping that it will, and thereafter there’s no firm timeframe for that.
When that report is made available, would you be kind enough to perhaps send an e-mail and if it’s public we’d be delighted to link to it on the matrix web site.
We have a web site of our own and our stuff is routinely put up on the web site, even preliminary materials so as soon as we have anything it will be up and I will notify you so that you can link to it.
Thank you very much.
You’re welcome.
New Mexico?
Thaddeus Baner here, state law librarian. We don’t have much of an update from the last meeting but we have a significant update from the matrix as it now exists. We had two acts that are law 1 was 1975 and this one made electronic signatures co-equal in terms of evidence with other kinds of signatures. And the second one enabled the secretary of state’s office to become the registrar for public keys and that passed last February. Last Summer, regulations issued from records and archives for the requirements for having a digital signature and the secretary of state has just prepared a draft which I haven’t seen of their actual regulations for filing for publication of your public key on their system. But right now state agencies are required to accept digital signatures that meet the records and archives requirements and that are on file with the secretary of state.
Excellent. So did we get it wrong on the matrix as it stands now?
Yeah, the matrix is almost a full year out of date.
Okay, could we just get together off-line on e-mail and make sure that it’s accurate after the call?
You bet, and if people want to see the statutes, they can see them at www.michie.com under New Mexico and the regulations will be up there probably by the end of February.
Okay, there will be more information on that later. Thank you very much New Mexico. North Carolina?
Thank you. Just as Iowa, North Carolina is just getting started too. The general assembly goes into session on the 29th so there’s no legislation pending at this time. However, as is evidenced by my participation in this call, North Carolina may be considering legislation this session, but I think a preliminary study would be advisable due to the complexity of the issues. The members here are just getting started so I think they’re going to need to be caught up on the learning curve.
I’m sorry, are you from the legislature or?
Yes, I’m in the bill drafting division of the general assembly, we have a centralized staff here.
Okay. Excellent. Thank you very much Beth. Ohio?
Sean Dunn, I’m a private attorney in Ohio and lobbyist. We do not have any legislation pending right now or that has introduced in the past. I guess this is three states in a row of, or at least three states getting started here. I have a couple of the clients who have asked me to work on getting that situation changed and so what I’m going to do in the next couple of weeks get together a meeting and try to get all the interested parties and see what makes sense for us to do in Ohio.
Excellent. You’ll keep us updated on that I hope? As things develop if you could just send some e-mail we’ll make sure to link to it directly so we can all track what’s happening in Ohio.
Okay.
Thanks Sean. The State of Oregon?
This is Tom Raush from Oregon and I’m not really sure how to report on this because we have strong rumors that there may be new legislation pending but nothing has come up the pipeline yet. Our legislature just started in January and nobody said anything to me for sure what’s going to be taking place, but we understand that there’s a lot of interest in digital signatures and so another bill may come out like the former bill of the 95 session or there may be something very different coming along. We just don’t know yet. But we’ll let you know as soon as it comes up.
Great, thank you very much. From the Great New England state of Rhode Island Representative Kennedy?
As of right now, our bill is being drafted for resubmittal and will be going to the judiciary committee again this year and hopefully we’ll have a better opportunity to explain the bill and the merit for the particular piece of legislation. It has not been assigned a bill number yet, I don’t expect that to be the case until next Tuesday which is our last day for submitting legislation. I would like to, Ray Campbell had mentioned about the minimalist approach that he’s taking in Massachusetts, and is that on a web site some place the proposed legislation?
Yes, it’s on our web site and the url for that is http://www.state.ma.us/itd/legal
Thank you.
You’re welcome.
And Brian that’s the site where we’ve got a matrix of other state legislation too.
Okay, Great Dan.
Brian, is the legislation that’s being drafted for re-file similar to the other Rhode island legislation that was filed?
It’s going to be very similar but what I did last week, I did pull some of the various pieces of legislation from other states off the web and I think Perry’s going to give me a couple other versions and we want to see how we can work some of these changes in so that the secretary of state doesn’t feel like he’s being left out of the loop as well.
Completely understand. Okay, well thank you Brian. Now present we have Ken Allen from Utah?
Right now we have no legislative amendment plan on - we’re continuing to draft our administrative rules to help us implement the program. We just recently selected a vendor to develop a repository and to provide digital signature software and certification authority services for us. We’re in the final phases of negotiating that contract, we anticipate by the end of this month we’ll have that contract signed and then we anticipate within six months, by August of this year that we should begin implementing certification authority licensing and start digital signatures in Utah. That’s about it.
Okay. Thank you Utah, the grand-daddy of them all. Also present we have Dale Juffernbruch who’s going to be speaking for the Commonwealth of Virginia.
I’m not with the Commonwealth of Virginia but I’m in contact with Senator Tiser’s office and she is a sponsor of the bill. Senate Bill #923 was introduced on the 16th of January and it went through the committee on commerce and labor and passed through that last week and so it’s finished in the senate and it’s on to the house where I think it might have a few revisions. It’s somewhat like a Massachusetts-type model and that’s what they’re looking at right now, not to get too specific in the technology so it’s going to be going to the house pretty quickly.
Is that bill available online anywhere?
No, but I’ve got it so we can probably get it online.
What’s the bill number?
The bill number is Senate Bill 923 and we’ll work on getting it online. I’ll have to check with the sponsor.
Okay. Thank you Dale. We have with us in the room Linda MacKintosh from the state of Washington. If Utah’s the grand daddy I suppose Washington’s the daddy.
Hi, we have legislation this year that will make some changes to the bill that we passed last year. Last year our bill was based on not exactly alike but based on the Utah bill and the ABA guidelines. We’ll be making changes to that, I will get that to the Massachusetts web and you can look at that legislation. It has been introduced in both of our houses both the house in the senate, it will have hearings in both Houses next week. Interestingly enough in the House that’s in the Commerce Committee that we’re looking at this as an international trade bill. We also have a video that’s available which explains digital signatures, some of the states have seen that but I will get the place where you can purchase one for the huge price of $7 and put that on the Massachusetts web site too.
Thank you. We have also, Thank you very much Linda.
Dan, can I just break in here for just a second? Can we get to the gentleman from Denmark, now?
Yes, we’re doing that right now. From Denmark we’ve got Mads Anderson..
Yes, I’m speaking. I’m a local professor of the University of Copenhagen and I have been working for the Danish Ministry of Research and Information Technology on drafting Danish Act on digital signatures. Right now we have a draft which has been submitted to the ? circles which is the finance and banking sector and public entities around government and we actually do have a workable document which is very close to being in a shape to go to our legislature, but a very interesting thing has happened now. Which is that the whole process has been slowed down due to the crypto ? even though there’s a distinction and a difference between digital signatures on one side and encryption for confidentiality purposes on the other side. There has been a movement in Denmark whereby people from ministries of justice and department of defense has forced the ministry of information technology to slow down the process of this act until the crypto ? has been settled as it is said. So right now we’re in a position where we have a workable draft which cannot be put publicly out for discussion and we of course in the computer community find this to be a very unsatisfactory situation.
Understood. Incidentally, Mike Baum sends his regards to Denmark.
Thank you.
Question - Is your draft available on the internet anywhere, is it available in any form?
Well, the first question I can say no we cannot publish it, I cannot put it on a web site. But some of the provisions of the act has actually been put into the ? document which is right now out for discussion prior to the meeting next month in New York and some of the focal provisions among them, the provisions regarding legal entities how should they sign documents and so on; are taken from the Danish draft but that’s not such a thing as an official Danish draft due to the crypto ? problem.
Okay. Thank you very much.
Mr. Anderson, before you go do you have an e-mail address? This is Jerry York down in Florida.
Yes I do it is lawmads@pc.ibt.dk
Thank you very much.
Okay, I’ll leave the meeting now then okay?
Yes, thank you for joining us.
Okay, it was a pleasure, thank you, bye-bye.
Another international jurisdiction represented today is Canada. We’ve got Maureen Adamache from Canada.
Hi. We have a federal government dki for the use of the federal government and it’s citizens and contractors, so we’re looking at legislation that would govern that system not regulating the private.
Dan?
Yes,
Hey, it’s Mike Hale.
Hi Mike, Welcome Aboard
Sorry, I had a little bit of trouble with the telephone.
Mike we’re going to loop back to you in a minute, we’re doing Canada right now.
Okay.
So stay tuned. Go on Maureen.
Some of the issues we have are purely government issues like the confidentiality of personal information that’s being held by the pki and records retention requirements that we have as a government that don’t necessarily apply to the private sector and liability and access issues.
Okay, thank you very much Maureen. Okay, actually why don’t we loop back to the states for a moment, did you have anything to add Mike? We did get a quick update already from Bill who told us that you have a bill. Did you have anything that you wanted to add to that?
Well, I don’t know what your timeframe is but I can give you a quick run down if I’m repeating I apologize. Basically we filed actually this morning the bill that’s in your hands, however that’s going to be changed, but mostly its symantics and cosmetic it’s nothing substantial so the bill that you have in front of you is pretty much what’s going to be going in front of what’s going to come about. It looks like it’s going to have an excellent chance to pass because it’s not going to cost the state a whole lot. The top end budget will be like $100,000. To summarize the bill it’s basically to legalize electronic signatures and electronic records and it will
*********************************************************
(slight gap in tape of perhaps a few minutes at this point)
*********************************************************
Send those along also so we can post them in the same area?
Sure.
Thank you. Are there any more perspectives on this from other participants? Is there anybody that has doubts that an accreditation model could achieve what states are looking for in terms of not having to have duplicative costly bureaucracy to license.
This is Michael Norton in Minnesota. I got some question about that, especially if we’re going to have some states doing more due diligence in this area and other states doing less, the whole notion of national and international commerce I think is problematic. I mean all the liability questions that will arise will be treated, well I think it will just be difficult to sort out and get agreement then on any kind of uniform law that deals with the liability issues.
Okay, with accreditation I though so far we’ve been contemplating some sort of accrediting body which would be, not just 50 of them state by state but one national or perhaps international one that we would then all look to and would help define guidelines that we felt were sufficient.
I think that if you’re going to do it, that would be the way to do it instead of having each individual state set up some kind of an accreditation system as opposed to licensure system. But the way that the states are going so far, I thought, was that they were developing this for their own internal activities, at least in the short run here. Then the question is going to be when we get to the point where we are looking to a national standard, how difficult is it going to be to undo the bureaucracies in some states in favor of the more lax accreditation approach on a national level?
That’s a good question. We did have in our meetings yesterday, I’m going to speak if I may Mike, Utah mentioned that there might be some appetite if there were an adequate national or international accreditation regime to perhaps have that act as a substitute for the licensure or perhaps even seek to amend the licensure laws to rely on the accreditation instead.
I think that would be direction that both of us involve in the process would like to see ..
We can’t hear you.
Mike just said that he thinks that would be a direction those of us in Utah would like to see dot dot dot a period. Okay.
Alternatively we could let Utah move forward and license certification authorities and everybody else could just piggyback on their reference.
Hey Dan?
That’s a good one. Yes, who’s speaking now please?
Mike Hale. Can you give me a little run down on this accreditation regime? Is it state-driven, market-driven? What is it being foreseen? Who’s kinda be running it?
This is all an open question right now, we’re talking in principal as to whether this should be an adequate system. It’s useful now to actually answer some of those questions by polling state participants to ask what do you feel would be adequate or do you feel that it would be possible to have such a system?
I think they go hand-in-hand, I think the public/private sector needs to work together, I don’t think it should be exclusive.
They mentioned that there’s going to be a meeting later today of accreditation authorities that national secretaries of state association and NASIR the CIO’s association, NASPO the National Association of State Per Curium Executives and others are putting together with all the major certification authorities and with Netscape and Microsoft. Just to discuss the possibility of what would be involved in forming an industry-led accreditation authority with input and participation by state and federal governments. I don’t know what the result of that will be, but it will be taking place later today in the Fairmont and I’m sure that whatever the result is, will be communicated somehow to people and we’re going to be tracking that with great interest. Also, the information security committee that’s hosting this call has recently formed a work group on accreditation to begin to look at what some of the issues would be. Chas Merrill from the state of New Jersey is the chair of the work group and would you like to bring us up to date at that please.
Well just briefly, we had a meeting yesterday and we had a lot of representatives from very diverse groups, including government and private, there seems to be a lack of enthusiasm in governmental areas for taking the lead on the accreditation mainly because of budgetary problems. So seems to be some interest in waiting for trade association groups, private industries to come forward with something.
Thank you Chas. Well, clearly this is going to be an area we’re all going to want to track and I’ll make every effort to keep information available on the web site and to solicit people’s ideas and make those available for everyone to see as we continue. I think this is going to be an area where there’s going to be some action and apparently the consensus is it’s promising to help us solve some policy issues. There are however, other areas too and we’re going to have to aim to close in about 10 minutes, but the next area that’s been talked about a lot in will cause a lot of dialogue is the question of liability or safe harbors’ and I guess to phrase as a question What, if any liability allocation or safe harbors should be promulgated through statute or regulation? Do people have a feeling that that’s an appropriate thing to do at this stage? Or what are perspectives on that please.
This is Don Bell from ? Florida. I think from our perspective if people decide to engage in business they probably ought to assume the liability that’s associated with the business. I don’t know that we’re really interested in pursuing any kind of safe harbor notion and on the other side of the coin the same thing is true with regards to liability, we don’t really see any reason to limit liability. Liability ought to exist to the extent of the value of the transaction that you’re engaged in, that doesn’t mean that we would view digital signatures and transactions, but if they’re representing that the digital signature they’re providing is reliable and secure then to that extent they ought to be liable.
This is Ray Campbell from Massachusetts. I agree that, I think there’s a couple reasons why a portion of liability is inappropriate in a state statute. It seems it would be difficult to accomplish on a state-by-state basis given the inherent multi-jurisdictional nature of these types of instruments. I also think that it would be more appropriate to let the parties negotiate their own liability provisions and let competition for customers prompt certification authorities to offer more in the way of commitments to stand behind the certificates that they issue. If it turns out that the market doesn’t develop properly and doesn’t provide for adequate redress of liability problems that end-users might have, then at that point conceivably legislation might be appropriate although I would think it would be more appropriate at the federal level than on a state-by-state basis. But at this point I don’t see why we shouldn’t let the market develop and see how liability issues are addressed as between parties really contracting with one another.
More perspectives? The flip side of this of course would be liability limitation for the consumer. We’ve been talking about this in terms of a industry thing, are there any thoughts on whether it’s appropriate for statutes to provide consumer protection provisions perhaps through liability capping?
In New Mexico, we’ve not found liability capping to be constitutional.
This is Howard Hagan in Iowa. One inside may be in the financial area that is with banks and obviously the federal reserve is exploring the implications of ragee which imposes limitations of liability for the protection of the customer base out there and what you’re seeing in the electronic financial networks is they are starting and have assembled study committees to view liability issues and will have internal distributions of liabilities among and between the various financial institutions using electronic networks and then as it relates to consumers, there may be consumer protection act provisions in each state; but what they’re discovering is that you end up with one system of liability allocation which is admittedly arbitrary for the providers that if the financial institutions, based upon efficiency reasons and then when you get into court what you discover is that third-party, i.e. consumers, are not constrained by those treaties or protocols among and between the users and can assert local UCC provisions for example. And it’s creating I think, long-term a very interesting dichotomy of internal marketplace rules and public consumer rules vis-à-vis either consumer protection or the uniform commercial codes in each state.
Interesting. One thing that did come out in our discussions yesterday in the legislation regulatory working group, was that it’s terribly important when looking at drafting this type of legislation or regulation to be very specific or just sort of at least recognize the fact that there are different applications, different implementations of this technology and that when someone in say a private label CA business, where there’s really not going to be technically speaking a possibility of third party reliance, that’s once scenario where I think it was spelled liability provisions, the need for them, liability allocation or capping is much, much less pronounced and then there’s another scenario with the public label CA model where there are third party reliers and that’s what creates a lot of the liability uncertainty out there. So there was a thought that well there’s no conclusion at all that liability capping was necessary the right policy to take but there was a pronounced feeling that should state seek to do that to really take care to look at the types of implementations to which such caps would apply. Mike Baum said "It’s not monolithic." Let me just also ask about the role of insurance. When we’re looking at allocating risks and liabilities, it’s not …
Could we hold off just a, this is Michael Norton from Minnesota, could we hold off just one second? I’ve got one question I’d like to ask folks about, about the last issue before you move onto the next.
Yeah, of course, go ahead.
Are there any states that are trying to deal with these several bodies of law at the same time rather than just dealing with digital signatures? Is there any state where folks are also looking at the UCC implications and the other kind of commercial law implications, the data practices implications all at one time? Is there any experience like that out there?
Yeah, this is Don Bell from Florida. We have looked at this, at how digital signature relates to other areas of the law, I think fairly well here, and that’s not to say that we haven’t missed a few things. A project that still in infancy and we don’t know what we might encounter in the future, but I think to the extent that you can say with complete confidence that things are consistent at this point, I think that they are. I mean I think that at least proposed legislation that we have in Florida will be consistent with the UCC, we don’t see any conflict with existing regulatory standards in other areas and in fact the few modest proposals that we’re making are to conform existing law in other areas. And variably what we keep bonding here I think is that whether we talk about the evidence code, we talk about the uniform commercial code; all of those areas, really they are not substantial modifications of law necessary for digital signature programs to go forward.
Thanks. Was that Don Bell.
Yes.
Okay. Tom Smedinghoff I believe has a comment on this too.
Yeah, this is Tom Smedinghoff from Illinois. I just wanted to mention that our statute is trying to, maybe not be quite as broad as maybe you had suggested but to combine a number of these issues to look at the general issue of electronic signatures generally and then to combine that with issues relating to digital signatures being a subcategory of electronic signatures. The other thing that we’ve sort of started to look at, and I thinks going to be a major issue here, is to the effect we legislatively approve the use of any sort of electronic signature we have to focus, or we’ve come to the conclusion, we have to focus on how that’s going to impact all of the various laws within the state. I know in Illinois we looked at, and we’re in the process of going through the various statutes, we found over 3,000 statutory sections that require something to either to be in writing or signed and we feel we need to look at the impact that this legislation is going to have on all of those other statutes to determine whether in some areas it might be appropriate not to authorize electronic signatures. So I think there’s a number of other issues along those lines that do need to be considered here.
Yeah, that’s a really good point. We are in Minnesota thinking about the transition and trying to figure out how to get from here to there. We are concluding that it might be necessary to give some authority in the state government the ability to waive certain statutory requirements or so on and so forth in order to be able to accommodate this transition. Anybody trying to do anything like that out there?
Phil Wyrough in Florida. Let me just tell you how we look at it in Florida. We have a very broad definition of an electronic signature and a more specific definition of a digital signature; and electronic signatures are given the same force and effect as written signatures and the way the statutes work is all the other provisions out there that may have specific requirements for signatures and notarizations and everything like that, still remain in effect because those are specific. The broader general provisions, in other words, take a back seat to the specific provisions in law, that’s just basic rules of statutory construction.
I just have to give everybody like a 2 minute warning, actually probably a little less than that, we do need to end this at 10:00 a.m. we don’t want to abuse the kindness of the state of Florida, so we’re going to have to begin to wrap it up.
Hey Dan, This is Jerry down in Florida, we don’t mind going overtime.
We’ve just decided to extend the call. What’s our timeline look like Jerry?
We’ll just let it go for awhile, if it looks like its going to go on forever, I assume other people are going to have things they need to move onto, but we’re moving along pretty well I think.
Okay, just out of respect for everybody’s schedule shall we say about 10 minutes?
Sounds good.
Okay. Unanimous consent motion, 10 minutes.
Dan, I have a question, getting back to the liability issues, this is Jerry York in Florida. Is anyone aware of any litigation that has arisen out of the actual usage of a digital signature?
This is Howard Hagan in Iowa, which seems odd since we do not have any digital signature legislation, but there is an analogy, there is litigation currently in Iowa involving electronic encryption in the checking process and one of the central issues, and that’s what I was trying to articulate before is that the network that process these checks, and keep in mind you’re really arguing over the ultimate signators on the checks so its somewhat analogous, but there’s a certain liability allocation that the network makes which imposes liability in one direction but then the boomers involved are asserting UCC provisions which in Iowa we had, I think, the most current draft of the UCC provisions which looks to both comparative fault and originating and collecting banks. So there’s a direct conflict there and one of the arguments being made is that the network systems rules are in effect indication of customer practice which throughout the UCC if you look at it, it refers to what are the custom and practices of the community at large and they’re trying to reallocate the liability away from the UCC back to the network allocation of liability.
Iowa is that a case that’s been filed?
Yes.
Is it possible to forward along to give access to the documents.
We can forward some of them.
I think that would be very helpful.
But it does show how you develop systems, whether they be private systems or public systems, that they can be utilized under then under the UCC provisions as custom and practice to try to reallocate liability with third party consumers.
Interesting. Anybody else aware of any other litigation that’s relevant?
In Florida we have had one case last year that involved the filing of a document of public employees relations commission here for and the complainant relied on our new electronic signature act to argue that in essence they had the right to file a document by fax, that the public employees relations commission had always required to be filed in a hardcopy form; and essentially all of our provisions here in Florida are voluntary which I think is important, because the agency head over there gets to make the decision about how they’re going to implement the ?, and if they choose not to accept electronic filings then that is appropriate. Now all agencies here, it’s going to be incumbent upon them to make rational decisions under the law, you couldn’t just arbitrarily conclude that you’re not going to accept an electronic filing, and you shouldn’t quite frankly. I think the government succumbed upon government to try to move into the future and accommodate citizens and businesses. In that case Perk concluded that the electronic filing should not be allowed for two reasons; (1) because our act gave the responsibility for making that decision to the agency head, and (2) because it required a notarization and in Florida the notary seal couldn’t be transmitted electronically. So that is Perk perhaps after one of our changes this year, if it passes, we’ll have to accept that or would have to reconsider because we would like to change the law here to allow notary seals to be transmittable electronically.
Was that Don Bell speaking? Is that a reported case?
It probably is a reported case of the Florida public employees relations committee.
It would be in the Florida Administrative Law Weekly, I can get you the cite.
Yeah, we can get you a copy of it.
Okay, that would be very helpful. Actually just a question here, since everybody that would care about this is pretty much online. Is there a desire to have sort of an ongoing litigation roundup on the matrix also?
Sure.
Yes.
Absolutely.
Okay, so why don’t we just say that as this stuff develops just go ahead and e-mail it to me at dan@civics.com and I’ll do what I can to either link to it or make sure that people know what’s going on.
Dan, This is Mike Hale in Georgia, we have a somewhat similar case down here in Georgia similar to Florida’s about an electronic filing, the infamous chirps and burps that Bob Ball probably could give you a little synopsis of that I’ll e-mail you the cite.
In the Metro is that the case where someone attempted to fax a signature and the signature was held invalid.
Probably, it was this summer, probably the same one, I’m not exactly sure.
That’s fine, thank you Mike.
Robert (who I called Bill earlier) thanks Robert, says it’s the Norwood case.
Yeah.
I’ll make that available to everybody.
It’s pretty fact specific but it’s at least something.
Dan?
Here.
This is Ray. I have to run to a 1:00 meeting so in addition to facilitating this call I guess you can now wear the Massachusetts hat as well.
Okay, so noted.
Thanks a lot Dan.
Thanks.
Bye Bye Everybody.
I guess I’m not really going to have much of an opportunity to do that because we’re quick running out of time now. I guess on the way out I want to give a quick update for yesterday in the meeting we did discover that there are some relevant things happening nationally and internationally; everyone should know that the White House now has an electronic commerce draft policy that Ira Magaziner has been leading the effort to draft, that’s available off the www.whitehouse.gov web site. Also, UNCITRAL apparently, that’s the UN commission that does this sort of thing, is apparently looking at drafting actual digital signature model legislation we discovered and so there’s, that probably changes the legislative playing field given the fact that there’s an international body looking at developing a normalizing model statute. So we’ll want to be tracking that very closely too. And we heard that there may be some draft, or some desire at least, to draft legislation within the Clinton administration which could be filed in the foreseeable future.
Is there any way we can get hold of Unstatrall in legislation?
Mike is that possible?
We going to track that down, they do have a web site and if it’s available we’ll make sure that that’s linked to or other information that we can, that we know we’ll try to get something up there about it but that is going to be something to watch.
Dan, this is Perry. The UNCITRAL document is available online.
Excellent, so why don’t we all be looking toward the matrix, I’ll make sure there’s a link to it.
It’s not online.
Okay, we’ll see what’s available and try to post a summary. Okay, we’re going to have to wrap this up at this time. Just let me ask on the way out, has anything very important been missed or does anyone have something that they’d like to add that hasn’t really been treated at this time?
Yeah, this is Alfie Charles from the Secretary of States office in California. We will be representing NAS this afternoon at the meeting so if anybody from Secretary of States offices has anything that they would like us to bring up or to raise regarding accreditation or licensing or any of the issues we’ll go over this afternoon, please e-mail me or give me a call, I’ll just give out my e-mail address real quickly its acharles@ss.ca.gov and I’ll probably be leaving here about 1:00 my time, so if you could get to me before that I’d appreciate it.
Okay, that’s 1:00 California time?
Yes.
Is the Secretary of State of California will be present at the meeting, is that true?
No he won’t, I’ll be representing him.
Okay, excellent. Well I’ll see you at 3:30, this is I guess we’re going to sign off now, I want to thank you all very much, that was an extremely productive call. We’re going to be, within the next week or so, we’ll try to update the web site to reflect the changes and we’ll keep it updated as new information trickles in. Again, I want to thank the state of Florida for sponsoring this and making it possible and we are going to be looking to volunteers from other states to sponsor the next call and just be aware that there will be a knock at the door soon. The next meeting of the Information Security Committee will be in Washington, DC in approximately 3 months and I would like very much at this time in closing to extend a enthusiastic invitation to all of you present to consider joining the Information Security Committee. You don’t have to be an attorney to be a member of the American Bar Association, but I think that you’ll find that it will be a useful membership to have and to do that we can take care of the details off-line but we would really encourage you all to do that if at all possible and we do have working groups and some additional things that you can join as a member. And so with that, thank you all very much and this is the ISC in the Fairmont Hotel in California signing off.
