Section of Science and Technology
Legislative and Regulatory Law and Policy IssuesIssue Areas:
Some statutes specify use of a particular technology as part of the definition of a valid electronic signature - specifically, the term "digital signature" is used in some laws and defined to require asymmetric cryptosystems and various additional requirements. Such a statute is "technology specific". A statute that refers to use of electronic or digital systems generally, but does not specify any particular technology or implementation of technology is "technology neutral." Whether a statute or regulation is technology specific or neutral has policy implications. Points of View: One benefit to the technology specific statutory approach is the increased ability to design legal models that closely track technological capabilities. For instance, a properly functioning public key infrastructure should provide a very high degree of certainly as to the identity of parties using the system as well as certainty about the integrity of the message and perhaps the confidentiality of the information. There is a strong argument that this technical reality should be reflected in the law. For instance, the Utah statute provides a legal evidentiary presumption that binds a person to a message that was digitally signed by that person's digital signature (under specific conditions). A benefit to drafting technology neutral legislation is the increased flexibility afforded by such an approach. Particularly given the fact that information technology and various implementations of this technology are fast changing, it may be imprudent to specify a given technology or implementation in a statute. Legislation and regulation, once enacted, have a tendency to be change resistant (even when the need for amendment or deletion is not disputable). In addition, there is a risk that state government may be setting one technological approach above others (existing, and not yet invented) and that may have the effect of distorting the natural market flow toward better products, services and more competitive pricing. Some have argued that state governments are not adequately suited to predict the future of this very dynamic economic and technical field and that the law of unintended consequences resulting from government action effecting free markets will probably operate to the detriment of consumers, business and society. This argument is bolstered by the fact that this segment of the economy has not yet truly matured, thus leaving would-be government regulators to guess at the shape, scope and business lines of the industry to to be regulated. Issue: Does the statute contemplate electronic and/or digital signatures for use by or with state governmental bodies only or are messages and transactions between two or more private parties also within the scope of the law? Points of View: To the extent uncertainty exists among private actors (consumers, business, etc.) about the legal sufficiency of electronic signatures and/or records, legislation which fails to address the private sector directly may be too limited in approach. However, state's which only provide for intrastate governmental use of this technology may still engage in other, non-statutory, beneficial activities that are beneficial to the private sector. For instance, states using digital signature infrastructures can: a) seed the market for such technology by allowing, encouraging or requiring some filings or other communications by private persons or entities with the government to be digitally signed; and b) provide for certificates for business' or professionals already licensed by, filing with or registered with the state (i.e. an agency of the state may offer or out source the delivery of digital certificates attesting that a business is, in fact, incorporated in that state, is a limited liability company, is a public charity, has a certificate of good standing, is a licensed securities dealer in the state, and so on.). While such indirect market support does not clear legal obstacles to electronic commerce and other communications and transactions between private parties, it is still possible that many private transactions would continue or emerge without additional legal certainty. It remains unclear what the costs to business may be in the absence of more definite laws which clearly elevate electronic or digital signatures and records to have the same legal effect as traditional or paper based signatures and writings. Another policy consideration which may weigh into the decision of whether to apply a statute to the private sector or keep the scope limited to activity by or with a state government involves the doctrine of preemption. It is probable that federal law relating to certain financial transactions and other situations would preempt state law to the extent that purely private parties are involved. The difficulties of defining the many possible legal areas where preemption might occur is eliminated when a state opts for a more limited statute applying only to state government activities. Similarly, many other difficult policy issues addressed below are obviated by statutes which address only activity within or with the state government. On the other hand, there are significant advantages to citizens and commercial players who wish to move forward using electronic communications for social, economic and cultural purposes and who desire a more appropriate legal infrastructure to support those efforts. This section is under development. The section will address the threshold question of whether or not to apportion liability among purely private parties to a transaction in the context of this legislation. Of states opting to allocate liability, various approaches shall be explored. This section is under development. Should a state license or require the registration of certification authorities within that state's jurisdiction? There is hot debate on the proper role of state regulation of this emerging industry. Issues of consumer protection, quality control, and problems with attempts at government imposed industrial policy will be considered. Additionally, this category of legislative provisions especially prompts the need for attention to inter-jurisdictional consistency. Some in industry have suggested that voluntary industry accreditation may be a superior approach. However, as regulations are created among multiple states opting to exercise that power, the problems in the market resulting from nonuniformity and possible conflicting standards must still be addressed. Some states are struggling with the issue of determining the appropriate fee structure for such licenses and the economic effects of such fees. The proper role of state government as a guardian of the public interest and consumer protection will also be discussed.
Rather than providing a presumption, some states have considered allowing the jury to consider the security of a given technological system and any other relevant factors in determining what weight to give such a signature. Still others have merely stated that a record or signature shall not be inadmissible on the sole ground that it is in electronic or digital form. There are consumer equity issues involved in holding people to be presumptively bound by the contracts, purchases or other obligations entered into under their purported digital signature - especially when the consumer may be quite faultless and the victim of a fraudulent use of such a signature. However, limiting the responsibility of the lawful user of a digital signature may itself pose serious market distortions that result in worse levels of service, higher prices, and slower or no technological improvements due to unacceptable and unpredictable liabilities imposed on suppliers. This area of inquiry is tied to the discussion of liability apportionment, and involves still deeper policy choices. This section is under development. What, if any, additional consumer protections are desire able in this area? Who are the consumers of this technology and what are their vulnerabilities in the market? How will existing consumer protection laws and regulation be interpreted to apply to transactions in this area? What types of disclosures (financial, business practice, complaints etc.), if any, should be required of certification authorities? |