MUETA: What Every Public Sector Lawyer Should Know Department Of Telecommunications And Energy...
-
Upload
raymond-crawford -
Category
Documents
-
view
216 -
download
0
Transcript of MUETA: What Every Public Sector Lawyer Should Know Department Of Telecommunications And Energy...
MUETA: What Every Public Sector Lawyer Should Know
Department Of Telecommunications And Energy
Thursday, December 2, 2004
2
The Once and Future Signature
I Traditional Signatures
II Before E-SIGN: The Law pertaining to Traditional Signatures in Massachusetts
III E-SIGN
IV MUETA
V Technology Neutrality
VI The Myth of “Nonrepudiation”
I
TRADITIONAL SIGNATURES
4
Traditional Signatures
Authentication: the original biometric
Attachment of signature to document
Intent of the signor
Some comfort re: document integrity
5
Traditional Signature Imperfections
Authentication
Attachment to document
Intent of the signor
Document integrity
Forgery
Electronic copying can disassociate signature from document
Signature pages can be replaced
Wordprocessed pages can be replaced and altered without detection
II
Before E-SIGN, the Law Pertaining to Traditional Signatures in
Massachusetts
7
Before E-SIGN
Many Massachusetts state statutes and regulations:
require signature for a particular transaction
Suggest what that signature must consist of
Statutes of frauds: Some contracts not valid unless reduced to writing.
8
Before E-SIGN
Various sections of the MGL and regulations
Defined signatures loosely to include many different kinds of signatures or
Defined signatures tightly to exclude many different kinds of signatures or
Explicitly prohibited use of electronic signatures
9
Mass. Common Law on Signatures was Liberal
Where validity of electronic records not at issue, courts treat in the same way as paper records. In the absence of state statute specifying a “wet” signature, lower level courts have permitted a number of different kinds of signatures.
Negotiations conducted through email, fax and phone call satisfies Long Arm StatuteLenient with respect to non-traditional signatures and records (e.g. facsimile signature)Telegram is a writing under statute of fraudsState trooper report signed via email valid
10
III E-SIGN
In the US, business and legal community concerned about validity of electronic signatures, contracts and other records under state lawSome states pass electronic signature lawsNo uniformity; not technology neutralGlobal issue. 1996 United Nations Commission on International Trade Law (“UNCITRAL”) Model Law on Electronic Commerce. Addresses electronic signatures
11
E-SIGN (cont.)
1999 National Conference of Commissioners on Uniform State Laws (NCCUSL) drafts the Uniform Electronic Transactions Act (UETA). Incorporates many provisions from UNCITRAL Model Law. Uniform, technology neutral
A few states start enacting UETA ----in a non-uniform manner
12
Federal E-SIGN, effective 10/01/00.
Goal: bring uniformity and technology neutrality to electronic signatures, contracts and records law in the USMechanism: pass Federal law to pressure states to adopt uniform version of UETA Validates electronic signatures, contracts and other records for most transactionsPreempts state law to the contrary
Reverse preemption provision
13
E-SIGN, cont.
Exemptions for: Family law
Hazardous waste transportation
Some transactions covered by the UCC; but E-SIGN does apply to sections 1-107(waiver or renunciation of claim after breach) and 1-206 (statute of frauds for contracts pertaining to personalty other than contracts for sale of goods covered by article 2-201, securities and security agreements); and Articles 2 (sale of goods) and 2A (leases).
14
E-SIGN, (Cont).
Scope: Documents related to transactions in interstate and foreign commerce
Only state government transactions covered are those related to procurement
Limits state and Federal government ability to regulate in favor of hard copy records used in private transactions
15
E-SIGN (cont.)
Because E-SIGN did not cover most agency transactions, Agency Counsel needed to review Massachusetts statutes and regulations in order to determine whether their agency could use electronic signatures.
16
E-SIGN Reverse Preemption Provision
In States that pass National Commission on Uniform State Law version of the Uniform Electronic Transactions Act, section 101 of E-SIGN (the validating provisions) is replaced by the state UETA
States that pass non-uniform versions of UETA may have some or all of their state UETA reverse-reverse-preempted by E-SIGN
17
Progress of Reverse Preemption
As of today, 44 states have enacted some form of UETA and therefore are not subject to section 101 of E-SIGN
UETA (MUETA) enacted in Massachusetts in 2003 (Senate 2076 ).
18
IV MUETA
Effective February 18, 2004
Codified at Mass. Gen. L. ch. 100G
Chapter 133, Acts of 2003
Applies to any electronic record or electronic signature created, generated, sent, communicated, received, or stored on or after MUETA’s effective date.
19
MUETA and E-SIGN differ in a number of ways, including …
MUETA applies to all government transactions, E-SIGN only to government procurement transactions
Aside from their explicitly excepted provisions, E-SIGN covers only interstate and foreign commerce transactions, MUETA covers all transactions covered by the law of the state in which MUETA is enacted
20
E-SIGN and UETA Both say….
Electronic signature, cannot be denied legal effect or enforceability solely because it is electronic
Signatures subject to E-SIGN/MUETA are also subject to other substantive law
Ex: state law regarding age at which person has capacity to create legally binding signature is not affected by E-SIGN
21
Neither E-SIGN nor MUETA says….
To use a particular electronic signature technology; both are “technology neutral”
22
Agency Counsel Need to Know….
Does MUETA Apply? If so, what part?Is the transaction subject to consumer or other disclosure or notice laws?Does the ES comply with the standards issued by SPR, RCB and ITD?Is the use of the ES voluntary?Does the electronic system address the elements required by MUETA?
Does MUETA Apply? If So, What Part of MUETA?
24
MUETA applies to:
Both “transactions” and government’s non transactional activityDifferent sections of MUETA apply to transactional and non transactional activityTransaction is defined as “an action or set of actions occurring between two or more persons relating to the conduct of business, commercial or governmental affairs”
Example: issuing a license to a doctor to practice in Massachusetts
25
MUETA applies, cont.
Transactions do not include unilateral actions.
Example: Using an electronic system to approve timesheets.
26
MUETA applies (cont.)
Exemptions: If they apply, electronic signatures and records not necessarily invalid but can’t rely on MUETA to validate. Exclusions include:
Creation and execution of wills, codicils or testamentary trustsMassachusetts UCC, other than sections 1-107and 1-206, section 2 and section 2A of chapter 106Adoption, divorce or other matters of family lawCourt orders or notices, official court documents including briefs, pleadings, and other writings, required to be executed in connection with court proceedings
27
MUETA applies (cont.)
Any notice of the cancellation or termination of utility services (water, heat, power); of default acceleration, repo, foreclosure, eviction, or right to cure, under a credit agreement secured by, or a rental agreement for, a primary residence of an individual;Cancellation or termination of health insurance or benefits or life insurance benefits, excluding annuities; Recall of a productDocuments required by law to accompany transportation or handling of hazmat, pesticides, or other toxic or dangerous materials.
Transaction Subject to Consumer or other Disclosure or Notice Laws?
29
Disclosure or Notice
MUETA is written so that it does not reverse-preempt E-SIGN section 7001(c), a consumer protection provision. Must follow rules for consumer disclosure when engaged in market activity with consumerMUETA’s own rules regarding compliance with notice or disclosure (whether or not consumer related) in connection with electronic transaction. MUETA section 8
Example: state law requiring translation of certain notices
Does the Signature Comply with the Standards Issued by the Supervisor of
Public Records, RCB and ITD and, for contracts, OSC?
31
Standards
General provisions of MUETA say that SPR, RCB and ITD “shall determine whether, the extent to which and the manner by which such entities shall create, maintain and preserve electronic records, signatures and contracts and the method of converting paper government records to electronic format”
32
Current Standards
SPR Bulletins1-99 (email)
1-92 (fax transmissions)
1-93 (optical media)
4-96 (access and copying of electronic public record)
33
Current standards (cont.)
RCBStatewide Records Retention Schedule 04/04
Guideline for documentation of recordkeeping systems
34
Standards (cont.)
ITDEvolving standards for information technology in general, nothing specific re: electronic signatures yet.
35
OSC and Electronic Signatures on Contracts
MUETA makes ITD is the agency with authority to say when Executive Department agencies can use electronic records and signaturesITD is currently following OSC’s lead in determining when OSC is comfortable having agencies use electronic signatures for state contracts, since OSC is the subject matter expert in that area. OSC has not yet authorized use of electronic records or signatures for state contracts
Is use of the ES Voluntary?
37
Voluntary
MUETA doesn’t require any government agency to use electronic signatures
Nor does it require any citizen or business to use an ES when doing business with us; to the contrary, MUETA only validates electronic signatures when used voluntarily in transactions
38
Voluntary (cont.)
Practical implication for agencies: always keep a paper option for those with whom your agency engages in transactions. Agency relying on MUETA for validation cannot force citizens or businesses to use electronic signatures for transactions.
Does the Electronic System Address the Elements Required by MUETA for a Valid Electronic Signature?
40
E-SIGN and UETA both define the term electronic signature
An electronic signature is:[E-sign] An electronic sign, symbol or process [MUETA] Information or data in electronic form
attached to or logically associated with a contract or other record
executed or adopted by a person
with the intent to sign the record
41
Elements
An electronic “sign, symbol or process”, or electronic “information or data”, that constitutes the signature
42
Creating Legally Valid E-Signatures…
1. “By a Person”---Proper authentication of the signor.
Authenticate means to determine the signor’s identity
Authentication can be complex or simple. Different levels of authentication can be chosen depending on the purpose of transaction. For some transactions, no authentication may be required.
Typically, look to factors such as whether signature is likely to be denied by putative signor, and legal significance of signature.
43
Creating Legally Valid Electronic Signatures…Example: U.S.Patent and Trademark Office trademark registration. Mickey Mouse can do it!
Mass DOR: Filing taxes
Mass. DEP: Filing for environmental permit
Compare: online application for welfare benefits
44
Legally valid…
Typical means of authentication: something you have, something you know
Ex: At ATM machine, you insert your card (something you have) and provide your PIN (something you know)
Ex: Criminal History Systems Board provides gun dealers with biometric scanners (fingerprint devices) attached to their PCS so they can authenticate holders of gun licenses
45
Legally valid…
2. “Executed or adopted…”Not enough for user to be identifiedHas to take some step that indicates that he executed or adoptedClick on a button that says “sign”, “I Agree”, etc. Present screens and choices to the signor that make clear what he is signing and that he is signing; capture his intent.
46
Legally valid…
3. Attach the signature to the document, or logically associate signature with document
47
Legally valid…..
4. Protect the integrity of the signed electronic document. Document retrieved from the system must be identical to the document signed.
Audit trail with good security
Data authentication software
Encryption
V
TECHNOLOGY NEUTRALITY
49
Any technology that meets the four ESIGN/UETA requirements can be used to
create a valid Electronic SignatureClick through choices online at an online “Store”.
LL Bean
Multi-factor authentication and click throughs (use of ATM)Digitized signature
Use your credit card at Macy’s
Digital Signature
50
Digital Signatures
Digital signatures:Are placed on specific data like an email or web page
Verify integrity of document signed
Can be used to verify that the data comes from where it claims to come from
Use cryptographyHolder of private key encrypts (can’t forge unless you have access to this)
Holder of public key can de-encrypt
51
Digital Signatures, cont.
Meets all four E-SIGN/ UETA requirements
Challenging to administer
Can’t use with “strangers” because no widely used digital identities
Certification authorities
HHS HIPAA Security Regs
VI
MYTH OF NONREPUDIATION
53
The Myth of “Nonrepudiation”
Statutory and Common Law reasons for repudiating a traditional signature:
Forgery or
Not forgery, but signature obtained under (1) unconscionable conduct by party to transaction; (2) fraud instigated by third party; (3) undue influence exerted by third party
54
Forgery in Common Law Jurisdictions
If a person denies that a signature is his, the relying party has to prove that it is truly that of person denying it. Onus of proof is on person seeking to rely on signature
55
Forgery, cont.
Traditional trust mechanism: witnessing the signature. He who would rely on a signature that is denied produces a witness who saw the signature being made.
56
Technical Non Repudiation
Authentication that provides “proof” of the integrity and origin of data in an unforgeable relationship, which can be verified by any third party at any time or
Authentication that with high assurance can be asserted to be genuine, and that cannot be subsequently refuted.
57
Problems with Technical Non-repudiation
Private key theft or illicit usage; identity theft
Relies on post-signature events, where traditional trust mechanism relied on event at time of signature (witness)
Use of “non-repudiation bits”, extension of digital signature, only verifies that the private key of the person whose public key is specified in the DS was used to affix the digital signature.
58
Legal Nonrepudiation: Legal Movement to Reverse Burden of Proof re: electronic signatures
UNCITRAL Model Law on Electronic Commerce Article 13Alleged signatory would have burden of proof to show that he or she did NOT digitally sign a given document (i.e. that it is a forgery)MUETA does NOT support legal nonrepudiation
59
Take Home Message on Non-Repudiation
Not achieved technically
Legally indefensible
Don’t write it into state law or regulations
ITD will not authorize
60
Practical Tips
Know your CIO and IT staff and ask them lots of questions Get involved in agency IT development projects from day oneReview all ES components as system is being developedApply the analysis set forth in this presentation
61
MUETA Resources
NCCUSL notes on UETA are excellent and judges likely to find them persuasive
ITD
Little case law on transactions covered by E-SIGN and UETA, but there will be more.
Contact Information
Linda Hamel
General Counsel
Information Technology Division
Commonwealth of MA
(617)-626-4404