Electronic Authentication
The Bankers Roundtable supports federal legislation that would provide validity and certainty for private sector contracts relating to electronic authentication.
Electronic authentication provides a critical element for electronic commerce, particularly its role in verifying the identity of parties in financial transactions.
State laws on digital signatures and electronic authentication provided the first efforts to offer a solid foundation for electronic commerce within state borders, recognizing the importance of this element of contract law. The interstate and international nature of electronic commerce requires electronic authentication devices that are valid regardless of location. The policy of supporting private sector initiative and not favoring one technology over another applies to electronic authentication.
S. 1594 has the support of The Bankers Roundtable and meets the goals of a narrowly focused action to provide certainty for this important element of a contract. S. 1594 is important for what it does in preserving federal and state laws that govern other contracts and for its narrow focus, avoiding approaches that would represent government intervention in developing technologies.
Precedents exist for limited federal action to provide validity and certainty for private sector contracts for electronic authentication.
Federal action would support private contracts for electronic authentication and would provide certainty for these contracts in the face of differing state laws.
The time for federal legislation has arrived as electronic commerce faces the need for strong
authentication arrangements before a truly open system of operation may be realized for users.
Internationally, other countries and the European Community are considering actions to provide
certainty and uniformity for electronic authentication. Federal action would resolve domestic
issues and would create a strong foundation for United States actions in the international
community.
Introduction
Mr. Chairman and members of the Subcommittee, my name is Alfred Pollard and I serve as Senior Director for Legislative Affairs at The Bankers Roundtable. The Roundtable represents the nation's major banking organizations, with a membership open to the 125 largest institutions.
The Roundtable has been active for some time in the area of technology. Long before current interest in new retail delivery mechanisms, the Roundtable provided a major forum for discussion and industry policy making on the payments system.
Mr. Chairman, a review of S. 1594, the "Digital Signature and Electronic Authentication Law (SEAL)," produces this conclusion-- the bill represents an important and useful response to certain issues affecting the development of electronic commerce and one that merits early action by Congress. The legislation has the support of The Bankers Roundtable and the Banking Industry Technology Secretariat, the Roundtable subsidiary that focuses its efforts on encouraging the development of electronic banking and commerce in an open environment.
Contract law provides the foundation for most legal systems here and around the world. The ability to enforce contracts is key to contract law and enforcement of contracts is tied to the proper identification of parties who enter into contracts. To enforce a contract against a party requires above all else a showing that the party did agree to the contract and its terms. Central to this has been the requirement of a signature, be it on a contract for goods and services or on a document such as a will or application for government services. Indeed, the very first section of the Uniform Commercial Code addressing contracts requires that a contract be made and signed; UCC 2-201.
Today, the identification of parties has become more complex, involving personal identification numbers (PIN) and other methods of verifying that a contract was entered into by an individual or company. Even in this more complex world, businesses still need to assure that the person entering into a contract may be identified and consumers want to know that they are not liable for agreements that they did enter.
How to accomplish this in the electronic world, where parties do not witness one another's actions and where transactions may occur at a rapid pace, has led to the creation of new methods termed "electronic authentication,"(1) where the applicability of some established commercial rules (such as what is a signature) is not entirely clear.
It is worth noting that many federal and state agencies already permit the electronic filing of reports and documents and several states have recognized the importance of electronic authentication to electronic commerce and enacted laws to address electronic authentication. For policymakers, strong electronic authentication addresses concerns for financial institution and payments system security and stability as wells as customer security, confidentiality and privacy. Security refers not only to security that a contract is valid, but as well that the parties are protected from fraudulent transactions.
Simply put, identification of parties remains central to contracts and, ultimately, to the success of electronic commerce; consumers and vendors, be they individuals or businesses, must be able to rely on the validity of electronic contracts and the identity of the contracting parties.
S. 1594 seeks to address the concerns noted above.
The bill amends the Bank Protection Act of 1968, a law mandating bank initiatives to provide security to banks and their customers, and that is appropriate.
S. 1594 focuses on one narrow topic the identification of parties to contracts in an electronic environment.
In its core provisions, under new Sections 6(a) and (b)(2) of the Bank Protection Act, the bill authorizes financial institutions to enter into agreements for the use of electronic authentication and that such agreements shall operate without regulation or limitation by state authorities. The bill would not mean that financial institutions would be free of regulation, however, as it provides for federal and state regulators to oversee the use of electronic authentication.
This limited action to restrict state law merits support. First, it preempts state law in only one aspect of a contract, that relating to electronic authentication. Second, it retains federal and state authority to oversee the employment of such devices.
Mr. Chairman, the effort here, in plain English, is no different than providing that a PIN number issued by a bank to a customer should be valid anywhere the customer does business. S. 1594 does not affect the impact of state laws that if a party to a contract is improperly a minor, if the contract resulted from fraud, if the parties violated some federal, state or common law rule, then the contract falls. However, a contract may not be voided simply because an electronic authentication system runs afoul of some state regulatory requirement.
S. 1594 sets forth several important concepts; likewise, what S. 1594 does not do merits attention.
S. 1594 specifically provides for the continued operation of federal and state consumer protection laws, including those related to electronic funds transfers or credit extensions. The bill directs the Federal Reserve Board to report to Congress by July 1, 2000 on the operation of the Act in the marketplace. S. 1594 provides that institutions not acting under the new law remain unaffected by its provisions.
S. 1594 avoids certain actions as well. First, the Act would be very limited in scope and specifically expresses those limitations in statutory language. Second, the Act does not set the terms of contracts, leaving that to the parties to develop as a situation merits and as new electronic commerce demands new methods. Third, the Act favors no one method of electronic authentication, thus abiding by the policy of not favoring or disfavoring market evolution. Fourth, the Act does not create new regulatory bodies, be they government, quasi-government or private sector, at a time when the value of such entities would be suspect. Fifth, the Act does not require authentication contracts to meet the standards of a law or regulation to be valid; the Act is optional. Sixth, the law is clear on preemption-- narrow but certain, without language on possible overrides.
Domestic. Simply put, we have a dynamic federal-state system of government and no better proof exists than the lead that states have taken in addressing concerns for contract validity through creation of digital signature laws. However, electronic commerce would operate under extreme disadvantage and development would be hindered if state laws subjected a device intended to provide customer security and system integrity to uneven and conflicting enforcement.
The decision to preempt state action should not be taken lightly. The area of electronic authentication presents one of those unusual, but necessary, occasions. In concepts as fundamental to commerce as identification and security, a lack of uniformity in state laws, regulations and court decisions could quickly unravel or make extraordinarily costly the conduct of business in an electronic environment. Conflicting state laws, rules or court decisions already cloud the development of products for electronic commerce. This simply is unnecessary and preventing such a result does little damage to state goals in addressing electronic commerce.
International.Internationally, Japan, Denmark, Germany, Italy and the
European Union are working to provide legal recognition for electronic authentication agreements. Malaysia has adopted a digital signature law. The United Nations has indicated interest in exploring the need for an international law on electronic authentication.(2)
The European Union has published a paper entitled Towards a European Framework for Digital Signatures and Encryption, COM(97)503 released October 8, 1997. The paper highlights the significance of establishing a community-wide approach to electronic authentication in Europe in order to permit electronic commerce to advance. The paper sets forth a number of questions that need answers across national lines. Perhaps of most significance, the paper calls for European action with a common legal framework by the year 2000. Whether the European Union can meet such an aggressive deadline may be questioned, however, the intent is clear to reduce the impedance that separate national schemes would create for electronic commerce.
Mr. Chairman, as the world continues to integrate, we need to avoid situations where local action on one particular issue upsets international business. Authentication of contracts should not be such an area.(3)
In testimony before this subcommittee in October of 1997, I provided an example of limited federal action on providing payment system security and integrity in the form of a law focused on the validity of contracts related to bilateral netting arrangements. In 1991 as part of the Federal Deposit Insurance Corporation Improvement Act, PL 102-242, a section of the law addressed reducing risk in the payment system.
Congress noted in Section 401 of the law, that financial institutions participate in thousands of transactions daily, that processing those transaction is essential to a "smoothly functioning economy" and that "such transactions can be processed most efficiently if, consistent with applicable contractual terms, obligations among financial institutions are netted." Finally, Congress noted that "the effectiveness of such netting procedures can be assured only if they are recognized as valid and legally binding..." [Emphasis added.] To that end, Congress provided that such contracts "notwithstanding any other provision of law...shall be netted in accordance with, and subject to the conditions of, the terms of any applicable netting contract." Section 403.
In that legislation, Congress acted on a key element of commerce, upholding the validity of contracts in one area-- netting-- and not otherwise interfering with state laws. I repeat this model as one providing strong support for the limited, but critical undertaking contained in S. 1594.
Mr. Chairman and members of the subcommittee, S. 1594 represents a carefully crafted,
"minimalist" approach to avoiding a problem that should not be permitted to become a major
drag on electronic commerce. " Narrow," "targeted," "restricted"-- all of these words describe
this legislation and that is an appropriate method for addressing this problem. The legislation
provides a useful framework for moving ahead with electronic commerce without diminishing
the important role of states and without affecting the evolution of technology.
1. Electronic authentication refers to the use of cryptography (scrambling information that may only be read with a key to decrypt) and other devices (biometric measures such as electronic reading of fingerprints) to identify a party to a contract and to verify that the contract represents the message sent by that party.
2. For a recent review of international developments, see Kiefer, "Developments Abroad May Influence U.S. Policy on Electronic Banking," 17 Banking Policy Report 1 (February 16, 1998).
3. Though not related to encryption, the well known case of Hazell v. London Borough of Hammersmith & Fulham is instructive. In 1991, the House of Lords upheld a local court ruling that a borough could not enter into swaps agreements, invalidating a large number of existing swaps contracts. This disrupted such diverse markets as those in London as well as Canada, Australa and Hong Kong and the case affected the business practices of U.S. firms. This one
local case prompted legislation in a number of countries, demonstrating the impact of local decisions on global markets. Such could be the case of local rulings on digital signature authorities.
Home | Menu | Links | Info | Chairman's Page