[House Hearing, 106 Congress] [From the U.S. Government Printing Office] THE ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT ======================================================================= HEARING before the SUBCOMMITTEE ON TELECOMMUNICATIONS, TRADE, AND CONSUMER PROTECTION of the COMMITTEE ON COMMERCE HOUSE OF REPRESENTATIVES ONE HUNDRED SIXTH CONGRESS FIRST SESSION on H.R. 1714 __________ JUNE 9, 1999 __________ Serial No. 106-32 __________ Printed for the use of the Committee on Commerce
U.S. GOVERNMENT PRINTING OFFICE 57-447 CC WASHINGTON : 1999 ------------------------------------------------------------------------------ For sale by the U.S. Government Printing Office Superintendent of Documents, Congressional Sales Office, Washington, DC 20402 ------------------------------ COMMITTEE ON COMMERCE TOM BLILEY, Virginia, Chairman W.J. ``BILLY'' TAUZIN, Louisiana JOHN D. DINGELL, Michigan MICHAEL G. OXLEY, Ohio HENRY A. WAXMAN, California MICHAEL BILIRAKIS, Florida EDWARD J. MARKEY, Massachusetts JOE BARTON, Texas RALPH M. HALL, Texas FRED UPTON, Michigan RICK BOUCHER, Virginia CLIFF STEARNS, Florida EDOLPHUS TOWNS, New York PAUL E. GILLMOR, Ohio FRANK PALLONE, Jr., New Jersey Vice Chairman SHERROD BROWN, Ohio JAMES C. GREENWOOD, Pennsylvania BART GORDON, Tennessee CHRISTOPHER COX, California PETER DEUTSCH, Florida NATHAN DEAL, Georgia BOBBY L. RUSH, Illinois STEVE LARGENT, Oklahoma ANNA G. ESHOO, California RICHARD BURR, North Carolina RON KLINK, Pennsylvania BRIAN P. BILBRAY, California BART STUPAK, Michigan ED WHITFIELD, Kentucky ELIOT L. ENGEL, New York GREG GANSKE, Iowa THOMAS C. SAWYER, Ohio CHARLIE NORWOOD, Georgia ALBERT R. WYNN, Maryland TOM A. COBURN, Oklahoma GENE GREEN, Texas RICK LAZIO, New York KAREN McCARTHY, Missouri BARBARA CUBIN, Wyoming TED STRICKLAND, Ohio JAMES E. ROGAN, California DIANA DeGETTE, Colorado JOHN SHIMKUS, Illinois THOMAS M. BARRETT, Wisconsin HEATHER WILSON, New Mexico BILL LUTHER, Minnesota JOHN B. SHADEGG, Arizona LOIS CAPPS, California CHARLES W. ``CHIP'' PICKERING, Mississippi VITO FOSSELLA, New York ROY BLUNT, Missouri ED BRYANT, Tennessee ROBERT L. EHRLICH, Jr., Maryland James E. Derderian, Chief of Staff James D. Barnette, General Counsel Reid P.F. Stuntz, Minority Staff Director and Chief Counsel ______ Subcommittee on Telecommunications, Trade, and Consumer Protection W.J. ``BILLY'' TAUZIN, Louisiana, Chairman MICHAEL G. OXLEY, Ohio, EDWARD J. MARKEY, Massachusetts Vice Chairman RICK BOUCHER, Virginia CLIFF STEARNS, Florida BART GORDON, Tennessee PAUL E. GILLMOR, Ohio BOBBY L. RUSH, Illinois CHRISTOPHER COX, California ANNA G. ESHOO, California NATHAN DEAL, Georgia ELIOT L. ENGEL, New York STEVE LARGENT, Oklahoma ALBERT R. WYNN, Maryland BARBARA CUBIN, Wyoming BILL LUTHER, Minnesota JAMES E. ROGAN, California RON KLINK, Pennsylvania JOHN SHIMKUS, Illinois THOMAS C. SAWYER, Ohio HEATHER WILSON, New Mexico GENE GREEN, Texas CHARLES W. ``CHIP'' PICKERING, KAREN McCARTHY, Missouri Mississippi JOHN D. DINGELL, Michigan, VITO FOSSELLA, New York (Ex Officio) ROY BLUNT, Missouri ROBERT L. EHRLICH, Jr., Maryland TOM BLILEY, Virginia, (Ex Officio) (ii) C O N T E N T S __________ Page Testimony of: Curtis, Christopher T., Associate General Counsel, Capital One Financial Corporation.................................. 37 Engelberg, Ari, President and Founder of Stamps.Com, Incorporated............................................... 32 Greenwood, Daniel, Deputy General Counsel, Information Technology Division, Commonwealth of Massachusetts......... 26 Pincus, Andrew J., General Counsel, Department of Commerce... 10 Siedlarz, John E., President and Chief Executive Officer, Iriscan, Incorporated, on behalf of the International Biometric Industry Association............................. 35 Skogen, Jeffrey, Internet Market Manager, Ford Motor Credit Company.................................................... 23 Upson, Donald W., Secretary of Technology, Commonwealth of Virginia................................................... 19 Material submitted for the record by: Business Software Alliance, prepared statement of............ 59 (iii) THE ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT ---------- WEDNESDAY, JUNE 9, 1999 House of Representatives, Committee on Commerce, Subcommittee on Telecommunications, Trade and Consumer Protection, Washington, DC. The subcommittee met, pursuant to notice, at 10 a.m., in room 2123, Rayburn House Office Building, Hon. W.J. ``Billy'' Tauzin, (chairman) presiding. Members present: Tauzin, Stearns, Gillmor, Deal, Largent, Cubin, Shimkus, Ehrlich, Bliley (ex officio), Gordon, Rush, Eshoo, Sawyer, Green, McCarthy, and Dingell (ex officio). Staff present: Paul Scolese, professional staff member; Mike O'Reilly, professional staff member; Ed Hearst, majority counsel; Donn Salvosa, legislative clerk, and Andy Levin, minority counsel. Mr. Tauzin. The committee will please come to order. A number of years ago, the ``New Yorker Magazine'' ran a cartoon showing two dogs seated at a computer. One dog says to the other, ``On the Internet, nobody knows you are a dog.'' That is also true, by the way, in some voter registration systems in some of our States. I think there was a newspaper in Lake Charles, Louisiana, that managed to register two dogs in the Louisiana elections. For the first few years of the Internet, that was true. You really didn't know who was on the other end. However, with the explosion in electronic commerce activities, a clear need has developed for knowing who you are and who you are dealing with online; especially now that online transactions are becoming more and more complex. Many companies are currently at work developing products and services that seek to electronically authenticate parties to online transactions. One hurdle the companies that are seeking to use the electronic authentication face is the uncertain legality of electronic signatures. States have begun to update laws to address this problem. To date, 44 States have enacted some type of electronic signature law. However, no two States have adopted the same law. Therefore, the result is a patchwork of State laws on the recognition of electronic signatures. In my opinion, 40 of 50 different State standards will make interstate commerce very difficult; if not in some cases impossible. The subcommittee is aware that there is an effort underway to create a uniform State electronic signature law. Even under optimistic assumptions, adoption by all 50 States will take 3 to 5 years. Now that may not seem like a long time. But in the fast-changing world of electronic commerce, that is nearly an eternity. Today this subcommittee will be examining H.R. 1714, the Electronic Signatures In Global and National Commerce Act, ``E- SIGN.'' The goal of this act is to further promote the development and growth of electronic commerce by clarifying the legal status of electronic signatures and records. Contracts or agreements cannot be invalidated solely because the agreement or contract is in an electronic form, or has been signed electronically. The legislation does recognize the efforts by States, and allows States to enact their own legislation to recognize electronic signatures and electronic records. The efforts to create a uniform State electronic signatures law, and the goal of H.R. 1714 are, therefore, in no way incompatible. Rather, they are complementary in that they are working toward a single, uniform standard. Another important element of this legislation is that it provides this sector of Commerce with guidance in promoting American principles on electronic signature laws overseas. It would clearly harm American interests to have foreign nations enact laws that would, or could, discriminate against American products and companies; or create closed systems that do not recognize the technologies and systems used by American companies. I think we only have to look at the controversy surrounding the third-generation wireless standards to see how important the international marketplace is. We will be hearing from a panel of witnesses today that will give us many perspectives on the issues of electronic authentication, and on H.R. 1714 in particular. The panel includes developers and users of these technologies, as well as representatives from State governments and the administration. H.R. 1714 is clearly the beginning of a process. I fully anticipate that this committee will be working with Chairman Bliley and all interested parties to work out a final bill that will meet our goal of furthering the use of electronic signatures and promoting electronic commerce. Additionally, we look forward to hearing comments from our colleague from Tennessee, Mr. Gordon, on the work that he has done on H.R. 1572, his Digital Signature Act of 1999, which I understand has been referred to a different committee. I thank you and look forward to hearing the testimony from our distinguished panel. The Chair is pleased to recognize the author of the legislation, the Chairman of the full Commerce Committee, the honorable gentleman from Richmond, Virginia, Mr. Tom Bliley. Chairman Bliley. Thank you, Mr. Chairman. You know, I represent a district in the Commonwealth of Virginia, better known as the ``Internet Capital of the World.'' It is home to Internet companies, both large and small. As a result, I have the chance to talk with leading Internet business executives and visit cutting-edge technology companies. Everywhere I go and everyone I speak to tells me how important it is for Congress to pass legislation that provides legal recognition to electronic signature and electronic records. While I am speaking of Virginia, I also want to welcome Don Upson, the Secretary of Technology for Virginia. Virginia was the first State in the Nation to create a cabinet-level position for technology secretary. I think this clearly shows the commitment by Governor Gilmore and others in the State to promote the growth of electronic commerce and information technology. We saw the explosion of electronic commerce during last year's Christmas shopping season--far in excess of all the predictions. The pace has not let up. When many people think of electronic commerce, they think of buying books or airplane tickets. But recently, we have seen people starting to buy automobiles; getting approved for mortgages; or investing their retirement funds online--something we could not have imagined just a few years ago. As the value and complexity of online transactions grows, the need for knowing that the transaction is legally binding becomes even more important. That is where H.R. 1714, the Electronic Signatures in Global and National Commerce Act, comes in. By clearing away the legal uncertainties surrounding electronic signatures and records, more businesses will use electronic signatures and consumers will feel more comfortable doing business online. The technologies used to create and transmit electronic signatures also provides much greater safety and security to online transactions. As I have stated many times during last year's series of hearings on electronic commerce, I want to see that the safety, security, and privacy of online consumers is protected. Encouraging businesses and consumers to use electronic authentication will help to do just that. I believe that H.R. 1714 is the correct approach to creating a legal framework for accepting electronic signatures and records. The legislation lays out a single nationwide standards for the acceptance of electronic signatures and electronic records. We do not pick or choose a specific type of electronic authentication; nor do we choose what types of businesses should be allowed to offer electronic signature services. The legislation also provides guidance to the Department of Commerce in the their international negotiations on electronic authentication. I believe that the principles laid out in this bill, such as technological and business neutrality and market leadership, should be promoted overseas. I do not want to see foreign nations instituting electronic authentication regimes that would discriminate against American manufacturers or providers of electronic authentication technology. H.R. 1714 also amends Federal securities law to provide for the legal acceptance of electronic signatures and records. This provision will be the subject of an upcoming legislative hearing in Mike Oxley's subcommittee. I do want to recognize the efforts that States have been making in this area. Today more than 40 States, as the chairman has said, have enacted legislation that provides recognition of electronic signatures. My concern is that every law is different. Many only allow State agencies to accept electronic signatures; and some provide legal recognition only to signatures generated by a specific technology. It is clear that for unfettered interstate commerce to take place, we must establish a single, nationwide standard. I understand that a uniform State law on electronic signatures is being developed. I believe H.R. 1714 recognizes this effort by allowing States to enact their own electronic signature bills that follow the principles laid out in H.R. 1714. I look forward to hearing the comments and issues raised in this hearing and the future hearings on H.R. 1714. I am hopeful that we will move H.R. 1714 through the committee and to the House floor before the end of the year. These hearings move far down the road to having this bill signed into law. Thank you, Mr. Chairman. I yield back the balance of my time. Mr. Tauzin. I thank the chairman for his statement and for his extraordinary attention to the issues of electronic commerce at this committee and other subcommittee levels. By the way, I want to commend you, Mr. Chairman, for not seeking to claim the invention of the Internet. Chairman Bliley. We already have a claimant to that. Mr. Tauzin. The Chair is now pleased to recognize the gentlelady who has a been a leader for a long time in the digital signature area, the gentlelady from California, Ms. Eshoo. Ms. Eshoo. Thank you very much, Mr. Chairman, for your kind words, as well. This is an important hearing today. I am delighted to not only be a part of it, but to welcome everyone that is here to testify. We are discussing legislation in which we and Congress are trying to prevent a revolutionary way of business from being really strangled by outdated laws. Specifically, this legislation updates the law by declaring that electronic signatures will be deemed valid. This legislation extends the principle of electronic authentication we established last Congress, with the passage of my legislation which was entitled, ``The Government Paperwork Elimination Act.'' That law required the Federal Government to accept electronic signatures. We are now seeking to extend that advancement to the commercial world. This is more than an appropriate step for the Congress to be taking. The Internet has really introduced many new buzzwords into our lexicon, our vocabulary, words like: ``browser,'' ``web page,'' and ``e-mail.'' The newest term, of course, is ``e- commerce.'' The projections for the growth of electronic commerce and its effect on the global economy are indeed staggering. Last year, shoppers spent an estimated $9 billion buying products online. That is quite an eye-opener--$9 billion. Business-to-business electronic commerce was nearly five times greater than in the consumer market, reaching $43 billion just last year. By the year 2003, Forester Research predicts business-to-business electronic commerce will climb to $1.3 trillion. At the Federal level, we understand these sums. That would constitute nearly 10 percent of all U.S. business trade. Not only are the Fortune 500 companies taking advantage of this new way of doing and transacting business; but it offers an extraordinary opportunity to over 5 million small businesses in our country. Not long ago, small businesses, like the jewelry store that my father owned in Connecticut, were limited to doing business in the community that they were located in. Now with the web page and some creative marketing, a store in Connecticut may be repairing watches sent all the way from my district, Palo Alto, California. Or jewelry stores in Connecticut may be selling their products to department stores in California. The electronic commerce bill I introduced and the bill before us today are attempts to make sure our laws permit that businesses in Connecticut and stores in California do business by utilizing the latest form of electronic signatures. Both bills aim to ensure that those conducting business online and who chose to sign electronic contracts with electronic signatures will be able to do so with legal certainty. Many States have already passed legislation. The chairman of our committee just iterated that in his comments before us. They have passed legislation allowing for the acceptance. Unfortunately, this has resulted in a confusing maze of State laws that hamper interstate commerce. States have been working on developing a uniform model law to create one standard for acceptance of electronic signatures and contracts similar to what the Uniform Commercial Code accomplished for contract law. It is expected to be completed soon and offered to the 50 State legislatures for adoption. The bill I introduced and the one we are discussing today bridge the gap from now until the fiftieth State has passed a version of this model law by preempting the existing confusion of multiple State laws. In fact, identical bipartisan legislation of mine, introduced in the Senate, has already been endorsed by State governments and industry, alike. I am concerned in this particular area that the bill we are discussing today has somewhat of a heavy hand in implementing a 2-year deadline on States, and would inappropriately give the Secretary of Commerce the ability to enjoin State laws. So I look forward to discussing with the panelists today their impression of the section in question: section 102 of H.R. 1714. I want to salute the chairman of our committee for his broad and important interest in this area of electronic commerce. I look forward to working with him and Chairman Tauzin on improving this legislation so that it can, indeed, be adopted in the 106th Congress, at a time when it really is going to count the most. Thank you, Mr. Chairman. I yield back. Mr. Tauzin. I thank the gentlelady. Indeed, the committee is grateful to her for her pioneering work in this area and her commitment to continue this process. The Chair is now pleased to welcome and recognize the gentlelady, Ms. Cubin, for an opening statement. Mrs. Cubin. Thank you, Mr. Chairman. Thank you also for holding this important legislative hearing on H.R. 1714, the Electronic Signatures in Global and National Commerce Act, or E-SIGN. The commercial activity that takes place over the Internet is staggering. It is growing rapidly. We are witnessing an incredible expansion of business transactions over the network. I am personally amazed at how much commercial activity was conducted over this past Christmas season. You know, since I like to shop, it was even better. E-commerce moves us from making traditional face-to-face purchases, of which we have all grown accustomed, to blindly trusting a stranger at the other end of a computer screen to responsibly and honestly carry out the transactions that we want. H.R. 1714 will allow some semblance of trust when making these blind transactions over the Internet. It will not only bring some peace of mind to those of use who engage in e- commerce; it will also promote growth and development of the electronic commerce industry. It is important the consumers be assured that there is legal validity of contract or transaction that is made over the Internet. I am a strong advocate for States' rights and developing an environment where States can establish policy that works best for each particular State. In the case of electronic signatures, there are currently over 40 States that have enacted some sort of legislation to recognize the validity of electronic signatures. The problem, however, is that no two States have an identical law. This makes it difficult to do business transactions across State lines; and at the same time ensure the legal validity of a contract where one State recognizes it as being binding because is it was signed electronically, rather than with a physical signature. H.R. 1714 would establish a uniform, national framework for the acceptance of electronic signatures and records. I support the intent of Chairman Bliley's legislation, and I commend his hard work in bringing this bill forward for discussion. I do look forward to hearing from today's witnesses. I yield back the balance of my time. Thank you, Mr. Chairman. Mr. Tauzin. The Chair thanks the gentlelady from Wyoming. The Chair would now recognize the gentleman from Tennessee, but the gentleman from Michigan, the ranking minority member has arrived. I wonder if the gentleman from Tennessee would allow me to recognize him out of turn. Mr. Gordon. Be happy to. Mr. Tauzin. The gentleman from Michigan, the ranking member of our full committee, Mr. Dingell, is recognized. Mr. Dingell. Mr. Chairman, I thank you. I thank the gentleman from Tennessee. Mr. Chairman, I commend you for your holding this hearing. This is an important matter. For centuries a legal contract was not considered valid unless it was impressed with the seal of the signer to prove its authenticity. More recently, China is just beginning to move away from the idea that everything has to be processed with a chop added to the document to establish the authenticity of the document. Just a few years ago, most of us would never have predicted that a written signature on a sales contract would be obsolete, but that situation appears to be coming upon us. As today's business is conducted increasingly over the Internet and through vast computer networks, the electronic signature is becoming just as crucial for the smooth operation of commercial law. In order for this new world of electronic commerce to take shape, grow, and prosper, we must make sure that electronic signatures are recognized as legal, secure, and binding. Emerging technologies demand that our policies keep pace. I congratulate Chairman Bliley for his efforts in this area. His legislation, H.R. 1714, would make great strides in furthering the use of electronic signatures in commerce. In these goals he has my strong support. There is, however, one area of this bill that causes me concern. While I agree that it is useful at times to have a uniform national policy, we must be careful not to impose our judgments on the States, particularly at time when they, too, are actively studying these same issues. In fact, I understand that a model State code is currently under development. Many State legislatures are likely to enact it in one form or another. I believe that we should not interfere with their ability to do so. We should enable the States and utilize the States for the purposes of achieving a uniform national policy; but allow the States to serve as a nursery for the development of good, useful and new ideas. The States should have enough time to fully evaluate this model code; then to write, debate, and pass their own legislation. Unfortunately H.R. 1714, as drafted, would limit to 2 years the period in which the States would not be threatened by Federal preemption. I am afraid this limitation may deny many States the opportunity to act on their on behalf. Again, I want to commend Chairman Bliley for his hard work. But I want to recognize and commend, as well, my good friend from California, Ms. Eshoo, for her strong commitment and leadership in this issue. I look forward to hearing from today's witnesses about how we can develop a strong policy on electronic commerce, while at the same time respecting the important role of the States. Mr. Chairman, I thank you for your kindness to me this morning. Mr. Tauzin. I thank the gentleman from Michigan. The Chair is pleased now to recognize the gentleman from Tennessee, Mr. Gordon, the author of the Digital Signature Act of 1999. Mr. Gordon. Mr. Gordon. Thank you, Mr. Chairman. My compliments for having this hearing. My compliments to Chairman Bliley for introducing this important bill. I want to be on record as being supportive today. I am going to poach a little time, if it is okay, to bring up another collateral bill that I think is complementary. I hope that we will have a chance to discuss it. I first became interested in electronic signatures 2 years ago, when the issue came up as part of the Computer Security Enhancement Act of 1997. At that time, I was concerned about how to encourage the widespread use of electronic signature technologies essential to ensure consumer trust in electronic commerce. In H.R. 1907, the computer enhancement bill that passed the House, I inserted the provision that established a national policy panel to address developing consensus on a national electronic signature infrastructure. Since then, with the leadership of my colleague and good friend, Ms. Eshoo, Congress passed the Government Paperwork Reduction Act, which requires Federal agencies to accommodate electronic transactions by the year 2002. There have also been a number of bills to deal with the legal status of electronic signatures and electronic records. My concern for the last 2 years is how do we promote the widespread use of electronic signatures by electronic commerce beyond the legal structure? I introduced H.R. 1572, the Digital Signature Act of 1999, with Science Committee Chairman Sensenbrenner, and Ranking Member, George Brown. The bill directs NIST to develop technology-neutral standards on interoperability to encourage the effective use of electronic signature technology by the Federal agencies, and encourages agencies to use off-the-shelf commercial products and services. In addition, the bill establishes a national working group under the Department of Commerce to start working on other elements necessary to encourage the widespread, everyday use of electronic signature technology. If electronic authentication systems are deployed by agencies with little thought to interoperability, it will make it harder--not easier--to conduct business electronically with the Federal Government. We should ensure this is done in a coordinated, technologically neutral way that promotes interoperability and encourages agencies to commercial, off- the=shelf products and services. In a recent ``Federal Technology Week'' article, Tony Trinkle, the Director of Electronic Services at the Social Security Administration, said the following, ``The bill moves the debate about standards in the right direction, especially at a time when agencies are trying to comply with the GPEA passed last year. The OMB guidelines do not provide much additional help for agencies trying to choose an electronic infrastructure in a growing market.'' These same concerns are what prompted me to introduce the bill. Many of our international trading partners recognize the importance of electronic authentication for electronic commerce, and are already working on national electronic signature infrastructures to facilitate the widespread use of electronic signatures. My bill would address this critical challenge by establishing a national working group with industry, States, and other stakeholders to start to develop consensus for this country. This would not only encourage electronic commerce, but will also enhance our position in the world market. Again, Mr. Chairman, thank you for allowing me to bring in some collateral issues. I am supportive of this bill you have before us today. Mr. Tauzin. The Chair thanks the gentleman. Does any other member desire to make an opening statement? Mr. Sawyer? Mr. Deal? The Chair is pleased, now, to ask unanimous consent that all members be permitted time to introduce into the record written opening statements. Without objection, so ordered. [Additional statements submitted for the record folow:] Prepared Statement of Hon. Michael G. Oxley, a Representative in Congress from the State of Ohio The E-SIGN legislation we consider today represents an important advance of law in the electronic age. Since $32 billion changed hands in electronic commerce last year, it's time we act. We need a federal law to overlay the patchwork quilt of 40 state laws that now govern. E-commerce businesses need that legal certainty, and their customers do, as well. This legislation has a number of features that should commend it to this committee. It maintains the important concept of technology neutrality. It applies to all businesses, regardless of their product lines or sizes. It allows the parties to choose what kind of technology they want to use in making their electronic agreements. And, it has an international section so that we can promote our principles overseas as the global standard. All state contract law remains intact, with the only change being the federal overlay of the digital signature law. All anti-forgery and anti-fraud law would remain in place without change. This change will begin to save unnecessary costs and time wasted while paper signatures cross the country through the mail. E-commerce is booming, and this legislation will support that healthy growth by offering efficiency to businesses and convenience to customers. Thanks to Chairman Bliley for crafting this legislation. I look forward to conducting another hearing on this bill in the Finance and Hazardous Materials Subcommittee later this month. ______ Prepared Statement of Hon. Thomas C. Sawyer, a Representative in Congress from the State of Ohio Thank you Mr. Chairman for holding this legislative hearing this morning on H.R. 1714, the Electronic Signatures in Global and National Commerce Act. I also want to thank our witnesses for coming to share their views on this legislation. A few years ago, a lot of attention was focused on the use of the Internet as a means for expression and communication. We have seen the effects it has on the way students, teachers and everyday citizens share and use information. Similarly, in a relatively short period of time, the Internet has grown in importance as a major tool for conducting commerce. It has profoundly reshaped the traditional ways in which business is conducted both domestically and internationally. Therefore, it should come as no surprise that there would be increasing demands for more innovative and efficient ways for completing electronic commerce transactions using digital signatures or some other personal authentication devices, that are legally binding, without ever leaving the confines of your computer room. We have become a society that looks for and that wants convenience. Today, our witnesses will testify on the merits of H.R. 1714. The intent of the legislation is to provide uniform national standards with respect to electronic signatures and their authentication because, for the most part, each state has their own set of guidelines in place. I would also like to thank Congresswoman Eshoo and Congressman Boucher for introducing legislation in this area as well. Although their bills differ from H.R. 1714, the underlying intent is the same. That is to prevent personal transactions that are completed by electronic signature mechanisms from being discriminated against because they were not done in a traditional way. H.R. 1714 contains two provisions that I hope to hear more about. The first is that states will have two years in which to develop alternative electronic signatures policies and procedures in order for state statutes to supersede provisions within H.R. 1714. My concern is that some state legislatures don't meet as often for legislative business, in some cases once a year. The second issue is that the legislation gives the Secretary of Commerce the ability to enjoin legal proceedings if the Secretary believes state statutes violate the spirit of this bill. I hope Mr. Pincus will be able to share his views on this particular topic. For the most part Mr. Chairman, I think this bill is a good piece of legislation. Clearly, this new era of telecommunications has affected the way we function as a society. We must be able to adapt to the new technologies being deployed to continue addressing the needs of our constituencies and to help further promote business. Again, thank you Mr. Chairman for holding this hearing. I look forward to our witnesses' testimony. Mr. Tauzin. The Chair also wants to advise our distinguished panel today that your written statements are automatically part of our record. As I introduce you today I would ask you to please summarize those statements in a conversational fashion with us, by hitting the high points of your testimony, so we can do it within the 5-minute rule; then have time to enter into a dialog with you on your comments. So we will begin by introducing this very distinguished panel, beginning with Mr. Andy Pincus, the General Counsel for the U.S. Department of Commerce. Mr. Pincus, you are now recognized to make your opening statement. STATEMENTS OF ANDREW J. PINCUS, GENERAL COUNSEL, DEPARTMENT OF COMMERCE; DONALD W. UPSON, SECRETARY OF TECHNOLOGY, COMMONWEALTH OF VIRGINIA; JEFFREY SKOGEN, INTERNET MARKET MANAGER, FORD MOTOR CREDIT COMPANY; DANIEL GREENWOOD, DEPUTY GENERAL COUNSEL, INFORMATION TECHNOLOGY DIVISION, COMMONWEALTH OF MASSACHUSETTS; ARI ENGELBERG, PRESIDENT AND FOUNDER OF STAMPS.COM, INCORPORATED; JOHN E. SIEDLARZ, PRESIDENT AND CHIEF EXECUTIVE OFFICER, IRISCAN, INCORPORATED, ON BEHALF OF THE INTERNATIONAL BIOMETRIC INDUSTRY ASSOCIATION; AND CHRISTOPHER T. CURTIS, ASSOCIATE GENERAL COUNSEL, CAPITAL ONE FINANCIAL CORPORATION Mr. Pincus. Thank you, Mr. Chairman. I am honored to appear before the subcommittee today. As you and the other members of the subcommittee have mentioned, the Internet is revolutionizing every aspect of business, not just in our country, but throughout the world. These developments require the attention of governments to ensure that we are doing everything that we can to enable the development of this important new medium of commerce. Chairman Bliley, Mr. Dingell, you, Mr. Chairman, and the other members of this committee clearly recognize this fact. You have taken a leadership role in ensuring that our country remains at the forefront in creating and exploiting the possibilities of electronic commerce. As other countries begin to recognize the potential of this new medium, we must continue to lead the way, not just in the private sector where we clearly are leading the way; but also in crafting the appropriate policy framework for these new developments. As we have in the past, the administration, and especially those of us at the Commerce Department, look forward to working with you on these important issues. H.R. 1714 addresses a subject that is at the very core of enabling electronic commerce. It is obvious that e-commerce will grow only if parties' transactions over the Internet are just as legally binding as their transactions in the physical world. Although everyone hopes they will not have to end up in court and hire a lawyer, they obviously want to be sure that there is a way to hold the other party to the contract to their obligations, in case something does go wrong. There are basically, as we see it, two issues in accomplishing this goal. First, eliminate statutory rules that require paper contracts. We obviously have to be sure that electronic agreements have the same legal status as paper contracts. The second question is when and how does an electronic contract become legally binding on the parties? In the physical world, the general rule is that the party has to manifest his or her intent to be bound. This can be done with a written signature; but it can also be done with an ``X,'' or by an exchange of telegrams or various other means by which a court will conclude that there was an intent by both parties to be bound by the contract. In the online environment, we advocate the same approach. There already are--and certainly, the way technology is evolving, there will be even more in the future--different ways to electronically sign a contract: everything from typing your name at the end of an e-mail and sending it, to using very sophisticated biometric or digital signature technology to evidence one's intent to be bound. The market is in a very, very early state of evolving. It is clear that companies and individuals are using different types of authentication technology for different kinds of transactions, as they do in the physical world. We think it is very, very important to let that evolution take place and let the market continue to examine and test various forms of signature technology. In fact, last week I was privileged to participate in a workshop held in California by the OECD and the private sector that spent 2 days hearing presentations from various sectors--the manufacturing sector, the financial sector--on the kinds of signature technologies and the different business models that are being used to provide a legal basis for agreement in those sectors. I think that we are in agreement on the basic principles that should govern the resolution of these two basic issues. First, as I said, eliminate barriers, paper contract requirements, and requirements of pen-and-ink signatures that are relics of an earlier age. Ensure technological neutrality, as several members of the subcommittee have said. It is very important that any legal rules that are adopted allow all these different technological approaches to have legal validity. Finally, be sure that parties are free to agree upon a means of authenticating their transactions; and if they do that, their subsequent agreements that are authenticated in that manner will be legally binding. What we are seeing right now in electronic commerce is those kinds of systems where parties--auto companies and their suppliers, for example--set up an electronic structure for engaging in electronic ordering and electronic contracting and agree to use a particular technology for authentication. In order to allow those kinds of--what has come now to be known as--``closed systems'' to develop, we have to be sure that they do create legally binding agreements. We also agree that, as H.R. 1714 provides, there must be considerable attention paid to promoting these principles internationally. One of the most promising aspects of the Internet is its ability to facilitate cross-border transactions. It used to be that to be an exporter you had to be a big company and have agents all around the world to hawk your products. Now, all you need is a website and you will have access to every market in the world. Of course, we need international rules that will ensure that cross-border contracts that are made as a result of that access actually are legally enforceable. As discussed in my written testimony, we have been working very hard on this issue. It is certainly useful to be sure that the entire U.S. Government, the administration, and the Congress, make clear to the rest of the world that these basic principles are important to us. Domestically, as several members of the subcommittee have mentioned, we also need rules that implement these principles. This area of contract law has long been the province of the States. Through the uniform law process, the National Conference of Commissioners on Uniform State Laws has developed the Uniform Electronic Transactions Act, as a number of the members of the subcommittee mentioned; and plan to submit that act for adoption to the States at the end of July. If we could wave a wand and have all 50 States enact that law, clearly the problem would be solved. We would have a very strong basis in domestic law for electronic commerce that meets all of our principles. There is concern, as you mentioned, Mr. Chairman, about the speed by which the States will adopt this. We don't think, right now, that there is evidence that the absence of uniform law is obstructing the growth of e-commerce. Although people have pointed to some differing laws, many of those laws only relate to government transactions. A lot of the States haven't spoken to the question of private commercial transactions. Certainly, at some point it may become true that the absence of a national standard is inhibiting domestic commerce. We need to create an environment that will encourage the States to move quickly to adopt the UETA. Our view is that the States should be given a chance to do that. If there is not quick action, it may then well be appropriate to establish some Federal rule to fill the gap until the States have adopted that measure. Thank you very much, Mr. Chairman, I look forward to answering the subcommittee's questions. [The prepared statement of Andrew J. Pincus follows:] Prepared Statement of Andrew J. Pincus, General Counsel, Department of Commerce Mr. Chairman, members of the Subcommittee, thank you for inviting me to testify today about H.R. 1714, the ``Electronic Signatures in Global and National Commerce Act.'' As suggested in your letter inviting me to testify at this hearing, Mr. Chairman, my statement addresses the Administration's views concerning only titles I and II of the bill. Also, other agencies, including the Department of Justice, are reviewing this legislation and may have additional comments or concerns. It is now an undeniable fact that the Internet is revolutionizing every aspect of business, not just in our country, but throughout the entire world. Although the amount of commerce conducted over the Internet is small as a percentage of our total economy, it is growing at a very rapid rate. In early 1998, experts estimated that Internet retailing might reach $7 billion by the year 2000. In all likelihood, this level was exceeded last year, and forecasters now project on-line retail sales greater than $40 billion by 2002. Similarly, in last year's Emerging Digital Economy Report, we noted that forecasters were suggesting that electronic commerce might rise to $300 billion by 2002. More forecasters now consider the estimate to be low, with Forrester Research estimating that all electronic commerce (including business- to-business activity) will rise to $1.3 trillion by 2003. The Framework for Global Electronic Commerce issued by President Clinton and Vice President Gore in July 1997 pointed out that ``[m]any businesses and consumers are still wary of conducting extensive business over the Internet because of the lack of a predictable legal environment governing transactions.'' President Clinton directed Secretary Daley to ``work with the private sector, State and local governments, and foreign governments to support the development, both domestically and internationally, of a uniform commercial legal framework that recognizes, facilitates, and enforces electronic transactions worldwide.'' The Framework identified several key principles to guide the drafting of these legal rules: parties should be free to order the contractual relationship between themselves as they see fit; rules should be technology-neutral (i.e., the rules should neither require nor assume a particular technology) and forward looking (i.e., the rules should not hinder the use or development of technology in the future); existing rules should be modified and new rules should be adopted only as necessary or substantially desirable to support the use of electronic technologies; and the process should involve the high-tech commercial sector as well as businesses that have not yet moved online. The basic legal framework needed to enable electronic transactions in a commercial context consists of two essential elements. First is the elimination of statutory rules requiring paper contracts. There is a broad consensus that--with the exception of a few specialized agreements (wills and property deeds, for example)--parties' electronic agreements should have the same legal status as paper agreements. The second element involves when and how an electronic commercial contract becomes legally binding on, and therefore enforceable in court against, a person or entity that is a party to the contract. In the off-line world, the key question is whether a party has manifested its intent to be bound by the contract, which generally occurs through a written record, and often, affixing a written signature to that written record. A signature, however, often is not a legal requirement (for example, a binding contract may be formed through an exchange of telegrams). The issue is, how can we apply and use long-standing commercial principles in connection with transactions in cyberspace? As in the off-line world, there are a large variety of means by which a party may electronically evidence his agreement to the terms of a contract--what has come to be termed ``electronic authentication.'' He could type his name at the end of an e-mail message containing the terms of the agreement. He could end the message with a previously agreed-upon code-word. He could end the message with an electronic facsimile of his written signature created by using an electronic stylus. He could ``sign'' the message using some form of digital signature technology. He could also ``sign'' the message using some form of biometric technology. Moreover, the technology models are evolving rapidly, and we will see further new technologies in the future. The private sector today is using a variety of forms of electronic authentication. One other variable is important in understanding the legal standards governing electronic authentication. When electronic commerce was first beginning, some observers imagined a world in which everyone would have a single, universal digital identifier that would be used to authenticate each individual's electronic transactions. That would enable each individual to surf the Internet and enter into transactions with anyone he encountered, confident that the other party's digital identifier provided a legally valid means of identifying that party in the event the transaction ended up in court. Although the future may see creation of both a market and the infrastructure needed for such as system to authenticate transactions, it does not exist now and is not likely to exist in the near term (and probably not even in the medium term). Most of today's electronic transactions occur in what are termed ``closed systems''--systems in which parties that already are related in some manner conduct electronic transactions with each other pursuant to a system that the parties have agreed by contract or practice to utilize for that purpose. This model is reflected in sectors as diverse as manufacturing and banking and financial services where commercial parties establish the technological approach they will rely on, as well as the rules by which they will operate, assign risk and settle disputes. One example is the effort by the three major U.S. auto makers to develop on a unified basis a global system to tie product development together with more than 15,000 suppliers operating around the world. This Automotive Exchange Network will begin operating this fall. In a more traditional vein, the international network by which credit transactions are managed is predicated in large part on a series of agreements between banks and retailers, and by users. And, as a further example, the consortia of financial institutions that established Identrus enabled companies to conduct worldwide trusted business-to-business electronic commerce with any member of their network. With this background, I would like to describe briefly what we in the Commerce Department have been doing over the last two years to carry out the President's directive to support creation of an appropriate legal framework for electronic commerce. State law has long supplied the basic standards governing private commercial transactions within the United States. The National Conference of Commissioners of Uniform State Law (NCCUSL) has been working since early 1997 to adapt these legal standards to cyberspace by drafting a new model ``Uniform Electronic Transactions Act'' (UETA) to establish a predictable, minimalist framework to provide legal recognition to both electronic records and electronic signatures. The NCCUSL process involves broad consultation with legal experts and other interested parties, and permits observers to attend and participate in meetings of the drafting committees. As this Committee knows, NCCUSL's primary task is to determine which areas of the law would benefit from uniformity, and to write and recommend uniform laws to State legislatures for enactment. NCCUSL has written more than 200 uniform laws, including the Uniform Partnership Act, the Uniform Trade Secrets Act, the Uniform Probate Code, the Uniform Limited Partnership Act, and the well-known Uniform Commercial Code, a joint project with the American Law Institute. I understand that the UETA will receive final consideration at the NCCUSL Annual Meeting to be held at the end of July. If, as expected, the UETA is finally approved, it will be submitted to the States for adoption. In our view, taking into account the principles that guide the Administration's policy in this area, the current UETA draft will provide an excellent domestic legal framework for electronic transactions, as well as a strong model for the rest of the world. It is enabling, not prescriptive, and also technologically neutral. We hope that this measure will be adopted quickly by the States. The Government Paperwork Elimination Act passed by Congress last year addresses the appropriate balance to be struck by the Federal Government in selecting technologies for use in its communications with non-government entities and persons. Let me turn to the international arena, where the situation is more complicated, and where our efforts focus on ensuring that our principles form the basis for enabling electronic commerce worldwide. On the one hand, there is a broad consensus, reflected in the UNCITRAL Model Law on Electronic Commerce adopted in 1996, that communication of legally significant information in electronic form may be hindered by legal obstacles to the use of such data, or by uncertainty as to their legal effect or validity. The Model Law offers a set of internationally acceptable rules as to how such legal obstacles may be removed and a more secure legal environment may be created to facilitate electronic commerce across national borders. We are pleased that the U.S. efforts in the UETA are built on this international consensus. On the other hand, with respect to electronic authentication, at least two different legal models are developing internationally. The first is the model represented by the UETA and the UNCITRAL Model Law, which eliminates barriers to electronic agreements and electronic signatures but does not grant special legal status to any particular type of authentication. The second model provides for a greater degree of government regulation of authentication services. It allows a government to create a preference for one or more forms of electronic authentication by establishing specific technical requirements for electronic signatures and often providing a presumption that electronic contracts signed using that methodology are legally binding. The European Union's Electronic Signatures Directive, scheduled to be considered by the Parliament this fall, follows this approach. Since July 1997, we have been consulting with countries to encourage their adoption of an approach to electronic authentication that will assure parties that their transactions will be recognized and enforced worldwide. Under this approach, countries would: (1) eliminate paper-based legal barriers to electronic transactions by implementing the relevant provisions of the 1996 UNCITRAL Model Law on Electronic Commerce; (2) reaffirm the rights of parties to determine for themselves the appropriate technological means of authenticating their transactions; (3) ensure any party the opportunity to prove in court that a particular authentication technique is sufficient to create a legally binding agreement; and (4) state that governments should treat technologies and providers of authentication services from other countries in a non-discriminatory manner. We have been successful in encouraging the adoption of this approach in a variety of multilateral and bilateral contexts. In October 1998, the OECD Ministers approved a Declaration on Authentication for Electronic Commerce affirming these principles. In addition, we negotiated joint statements affirming these principles with several important trading partners, including France, Japan, Korea, Ireland, Australia and the United Kingdom. Further, we have asked UNCITRAL to consider a binding international convention on electronic transactions that would embody these principles. (A copy of this proposal is attached.) Let me now turn to the provisions of H.R. 1714. Subsection (a) of Title II requires the Secretary of Commerce, acting through the Assistant Secretary for Communications and Information, within 90 days of enactment, to complete a comprehensive inquiry to identify, among other things, any domestic or foreign impediments to commerce in electronic signature products and sources. This study would be updated annually. Although such a study would provide useful information, we of course do not have sufficient resources to examine for ourselves the legal rules of every State and every country. If a study were authorized, therefore, we would base our report upon information obtained as a result of outreach to the private sector. Title II also requires the Secretary of Commerce to promote internationally the acceptance and use of electronic signatures in accordance with principles spelled out in section 201(b)(2). As I have discussed, we believe that the global nature of electronic commerce mandates close consultation with other countries to ensure that the legal standards for the formation of electronic contracts foster, rather than obstruct, cross-border electronic transactions. We plan to continue those efforts. In general, the principles set forth in section 201(b)(2) are consistent with those that we have espoused with respect to these issues. We do have a few suggestions regarding the particular language of this section. First, we are concerned that section 201(b)(2)(C), dealing with the autonomy of parties to electronic transactions, might be read to allow government regulation of such transactions, because the modifier ``reasonable'' could be read to permit government second-guessing of the parties' choice of authentication method. In addition, the paragraph does not clearly state that agreed-upon authentication measures must be given legal effect. Second, because the fourth principle (section 201(b)(2)(D)) applies only where there is an agreement among the parties, it does not encompass the general principle that, even in the absence of an agreement, electronic records and electronic signatures should as a general matter have the same legal status as their paper equivalents. Third, these principles apply with respect to the legal framework established by governments for private commercial transactions. But governments will also be making decisions concerning authentication technology as market participants--for example in selecting the particular technology to use in entering into government contracts electronically or in providing various types of government benefits to citizens. In that situation, governments will not be able to observe the neutrality principle set forth in section 201(b)(2)(B), because they will have to choose among competing authentication providers. We would be happy to work with the Subcommittee on these and other drafting issues. Also, because the Commerce Department's current efforts with respect to these issues are led by the General Counsel's office, with support from several bureaus within the Department in addition to the National Telecommunications and Information Administration (NTIA), we request that any responsibilities conferred by the bill upon this agency be vested in the Secretary alone so that he may organize the Department's implementation of the law in the most effective and efficient manner possible. Title I of the bill focuses on the domestic legal standards governing electronic contracts. It appears to extend to both government transactions (both Federal and State) and agreements between private entities. For such agreements, section 101 requires that agreements and signatures in electronic form be given the same legal effect as written agreements and written signatures. It would also enable the parties to establish ``reasonable requirements'' regarding the types of electronic records and electronic signatures acceptable to them. With respect to private commercial agreements, as I have discussed, State law has long supplied the governing legal standards. Through the NCCUSL process, our commercial law has been made consistent nationwide and is the envy of the world. We believe that strong evidence of a problem should be required before casting aside this tried and true method for establishing the legal standards for commercial transactions. We do not believe that the case has been made for overriding this State law process. Some have expressed concern about the current lack of uniformity among the States on these issues, but they have not been able to point to any real-world problems in this specific area that are currently obstructing the development of electronic commerce. Rather, the concern appears to be that at some point in the future, the absence of uniform legal standards for electronic authentication will create a problem. The issuance of the UETA at the end of July responds directly to this concern. The States will then have the basis to adopt uniform rules. It is true that the State adoption process has in the past taken a number of years, but there is considerable eagerness among the States to foster the development of electronic commerce. Accordingly, there is reason to believe that adoption of this measure may proceed at a quicker-than-usual pace. Of course, if the States do not act in a timely manner, problems could well develop and then it would become necessary to use Federal law to fill the gap created by less than unanimous enactment of the UETA. But I believe it is appropriate to work with the NCCUSL process to urge the States to act promptly and responsibly in this area, and to give the States time to act--before creating a new regime of Federal law. Caution is also appropriate because enacting specific Federal rules may be a cure that is worse than the disease. As the UETA is adopted by the States, there may be disputes about the extent to which it satisfies the Federal standard and the extent to which State law rules left undisturbed by the UETA are nonetheless invalid under section 101 or saved by section 102(a). Although H.R. 1714 does not create a private right of action, it presumably would permit any party in an action to enforce (or invalidate) an electronic contract to argue that section 101 overrides (or saves) the State law rules invoked by the other party. Rather than creating uniformity and certainty, therefore, Federal standards might compound the uncertainty over the governing legal rules. We also have concerns about section 102(c), which would empower and require the Secretary of Commerce to bring actions to enjoin the enforcement of State statutes, regulations or rules prohibited by this Act. As a practical matter, the simple availability of this injunctive authority could undermine confidence in the validity of States' laws and regulations affecting electronic commerce, and significant use of this authority would cause additional uncertainty and delay in clarifying both State and federal laws in this area. Let me also mention some specific concerns about the language of Title I. First, section 101(b), which is designed to enable contractual systems, is limited to ``reasonable'' requirements established by the parties and therefore could lead to judicial second-guessing of the validity of an authentication method chosen by the parties. The provision also does not make clear that the type of electronic signature chosen by the parties should be accorded legal effect (as evidencing the intent of the parties to bind themselves to the terms of the contract). Second, although section 102(a) allows the States to supersede the Federal rules, paragraph (a)(3) places a two-year time limit on their authority to do so. Given the rapidly evolving nature of the Internet, and of technology in general, we do not believe it would be appropriate to limit the States' power in this manner. Third, section 102(b)(4) bars the States from superseding section 101 in a manner that ``is otherwise inconsistent with the provisions of section 101.'' Because any State measure that is preempted by section 101 would be inconsistent with that provision, this paragraph of section 102(b) could be read to eliminate all State authority to supersede section 101. Fourth, H.R. 1714's definition of ``electronic signature'' (section 104(2)) combines two separate concepts--the identity of a party to the transaction and that party's intention to be bound to the agreement, on one hand, and the integrity of the document on the other hand. The UETA separates these concepts (see the separate definitions of ``electronic signature'' and ``security procedure''). This separation is important because, for example, some methods of ``signing'' do not, by themselves, ensure the integrity of the document (but may rely on other approaches for this function), and those technological methods would appear not to receive protection under the bill's definition, regardless of the intent of the parties. Fifth, we are concerned about the effect of Title I on the ability of the Federal Government, and of State governments, to choose particular authentication methods for use in government contracting or in distributing government benefits. In making those decisions, there obviously will be rules, and perhaps statutes as well, that require the use of certain types of electronic authentication in order for the agreement to be binding. This problem could be solved by focusing Title I on government steps to enable private transactions and excluding government transactions from its scope. Thank you Mr. Chairman. I would now be happy to answer any questions you may have. DRAFT INTERNATIONAL CONVENTION ON ELECTRONIC TRANSACTIONS CHAPTER I: Proposed Goal of Chapter I: To set forth any necessary definitions. To be developed after Chapter II and III. CHAPTER II: Proposed Goal of Chapter II: In order to implement the legal rules articulated in the second section, as set forth below, it may be necessary for states to review their existing and proposed legislation to assure that it is appropriately tailored to electronic transactions. In order to facilitate such review and adoption on a harmonized basis, the following general obligations are proposed as the framework states should use to support electronic transactions on a global basis. POSSIBLE LANGUAGE: II. General Obligations To encourage the free flow of electronic transactions and to avoid the creation of barriers to these transactions, subject to overriding public policy, the Contracting States hereby agree as follows: Modification of Existing Rules and Minimal Adoption of New Rules--States shall make only those changes to their laws that are necessary to support the use of electronic transactions. Existing rules should be modified and new rules adopted only in cooperation with the private sector and where necessary. Contracting States recognize that parties to a transaction may determine the method of authentication for that transaction. Recognizing that parties may make this determination and recognizing that this determination should have the legal effect intended by the parties, the Contracting States agree as follows: Party Autonomy--Parties to a transaction should be permitted, to the maximum extent possible, to determine by contract the appropriate technological and business methods of authentication with the assurance that those means will be recognized as legally binding, whether or not those technological and business means are specifically addressed by legislation or regulation. The terms of any agreement (including closed systems) between parties governing their transaction should be enforced without regard to any statutory framework governing electronic authentication. Further, Contracting States recognize that cryptography is not the sole means of proving the source or existence of a message. Recognizing that parties may establish the source or existence of a message in different ways, Contracting States agree as follows: All Authentication Technologies and Business Methods May Be Evidence of Authenticity--Where the law requires evidence of the authenticity or integrity of a message, a party shall be permitted to use any authentication technology or business method, whether or not such authentication technology or business method has been specifically addressed by legislation or regulation. Electronic Authentication methods should not be ``locked in'' through legislative fiat but rather should allow for changing applications for existing and future technologies. Therefore, the Contracting States agree that: Technology Neutrality--Any rules should neither require nor hinder the use or development of authentication technologies. States should anticipate that authentication methods will change over time and avoid legislation that might preclude innovation or new applications. States should avoid laws that intentionally or unintentionally drive the private sector to adopt only one particular technology for electronic authentication to the exclusion of other viable authentication methods. Authentication technologies may be implemented and used by businesses in ways that were not originally envisaged when legislation was passed. Recognizing that technology may be used for purposes such as establishing age or authority, which may go beyond verifying identity and achieving non-repudiation, and recognizing that business models for authentication may not use third parties, the Contracting States agree that: Implementation Neutrality--Any rules should neither require nor hinder the use or development of new or innovative business applications or implementation models. To remove barriers to the free flow of electronic transactions and to avoid the creation of new barriers, subject to overriding public policy, the Contracting States agree that: Non-Discrimination--States shall accord to providers and users of authentication technologies and business methods of another state treatment no less favorable than it accords in like circumstances to its own providers and users of authentication technologies and business methods. Avoid Unnecessary Barriers to Trade--States should enhance the flow of cross-border electronic transactions and not create unnecessary barriers to trade. CHAPTER III: Proposed Goal of Chapter III: To recognize the acceptability of electronic signatures for legal and commercial purposes, define the characteristics of a valid electronic writing and an original document, support the admission of electronic evidence and the electronic retention of records. These provisions would be drawn from the enabling provisions of the UNCITRAL Model Law on Electronic Commerce. POSSIBLE LANGUAGE: III. Specific Obligations Contracting States recognize the work of the United Nations Commission on International Trade Law and the importance of establishing its governing provisions on a uniform, international basis. Contracting States also recognize information is increasingly generated, stored, sent, received or otherwise processed electronically, rather than in a paper based form. Recognizing these important business practices, the Contracting States hereby agree on the following: Legal Recognition of Data Messages Information shall not be denied legal effect, validity or enforceability solely on the grounds that it is in the form of a data message. [Source Model Law on Electronic Commerce Article 5] Formation and Validity of Contracts (1) In the context of contract formation, unless otherwise agreed by the parties, an offer and the acceptance of an offer may be expressed by means of data messages. Where a data message is used in the formation of a contract, that contract shall not be denied validity or enforceability on the sole ground that a data message was used for that purpose. (2) The provisions of this article do not apply to the following . . . [limited exception]. [Source Model Law on Electronic Commerce Article 11] Contracting States recognize that the formal requirements that currently exist under many legal regimes may constitute insurmountable barriers to the conduct of electronic transactions on an international basis. As a result, there is a paramount need for assuring that electronically transmitted messages are allowed to satisfy these formal requirements subject to overriding public policy. Therefore, the Contracting States agree as follows: Writing (1) Where the law requires information to be in writing, that requirement is met by a data message if the information contained therein is accessible so as to be usable for subsequent reference. (2) Paragraph (1) applies whether the requirement therein is in the form of an obligation or whether the law simply provides consequences for the information not being in writing. (3) The provisions of this article do not apply to the following . . . [limited exception]. [Source: Model Law on Electronic Commerce Article 6] Signature (1) Where the law requires a signature of a person, that requirement is met in relation to a data message if: (a) a method is used to identify that person and to indicate that person's approval of the information contained in the data message; and (b) that method is as reliable as was appropriate for the purpose for which the data message was generated or communicated, in the light of all the circumstances, including any relevant agreement. (2) Paragraph (1) applies whether the requirement therein is in the form of an obligation or whether the law simply provides consequences for the absence of a signature. (3) The provisions of this article do not apply to the following . . . [limited exception]. [Source: Model Law on Electronic Commerce Article 7] Original (1) Where the law requires information to be presented or retained in its original form, that requirement is met by a data message if: (a) there exists a reliable assurance as to the integrity of the information from the time when it was first generated in its final form, as a data message or otherwise; and (b) where it is required that information be presented, that information is capable of being displayed to the person to whom it is to be presented. (2) Paragraph (1) applies whether the requirement therein is in the form of an obligation or whether the law simply provides consequences for the information not being in writing. (3) For the purposes of subparagraph (a) of paragraph (1): (a) the criteria for assessing integrity shall be whether the information has remained complete and unaltered, apart from the addition of any endorsement and any change which arises in the normal course of communication, storage and display; and (b) the standard of reliability required shall be assessed in the light of the purpose for which the information was generated and in the light of all the relevant circumstances. (4) The provisions of this article do not apply to the following . . . [limited exception]. [Source: Model Law on Electronic Commerce Article 8] The Contracting States recognize that the inability of parties to prove the existence of electronic transactions in the event of dispute and formal judicial proceedings may itself be an inhibition to the conduct of electronic transactions. To assure the legal equivalence of electronic documents with paper based ones, the Contracting States agree that: Admissibility and Evidential Weight of Data Messages (1) In any legal proceedings, nothing in the application of the rules of evidence shall apply so as to deny the admissibility of a data message in evidence: (a) on the sole ground that it is a data message; or, (b) if it is the best evidence that the person adducing it could reasonably be expected to obtain, on the grounds that it is not in its original form. (2) Information in the form of a data message shall be given due evidential weight. In assessing the evidential weight of a data message, regard shall be had to the reliability of the manner in which the data message was generated, stored or communicated, to the reliability of the manner in which the integrity of the information was maintained, to the manner in which its originator was identified, and to any other relevant factor. [Source: Model Law on Electronic Commerce Article 9] Contracting States further recognize that requirements for record retention, which exist both as a matter of law and business practice, may prove to be obstacles for electronic transactions. The Contracting States agree, therefore, that: Retention of Data Messages (1) Where the law requires that certain documents, records or information be retained, that requirement is met by retaining data messages, provided that the following conditions are satisfied: (a) the information contained therein is accessible so as to be usable for subsequent reference; and (b) the data message is retained in the format in which it was generated, sent or received, or in a format which can be demonstrated to represent accurately the information generated, sent or received; and (c) such information, if any, is retained as enables the identification of the origin and destination of a data message and the date and time when it was sent or received. (2) An obligation to retain documents, records or information in accordance with paragraph (1) does not extend to any information the sole purpose of which is to enable the message to be sent or received. (3) A person may satisfy these requirement referred to in paragraph (1) by using the services of any other person, provided that the conditions in subparagraphs (a), (b) and (c) of paragraph 1 are met. [Source: Model Law on Electronic Commerce Article 10] Mr. Tauzin. Thank you very much, Mr. Pincus. I was just thinking about how a handshake counts in some States, as well. You go to Texas; that is as good as a signature. The Chair is now pleased to welcome the Hon. Donald Upson, the Secretary of Technology for the Commonwealth of Virginia, who has already been welcomed by the chairman of the full committee. Secretary Upson, I might note that it would be good if you had a conversation with the Secretary of Transportation. I understand you had a little difficulty getting over here today. Many of us do every morning, trying to get to work. We appreciate and welcome your testimony. STATEMENT OF DONALD W. UPSON Mr. Upson. Thank you, Mr. Chairman. I apologize for being late. I was stuck on 66. I am glad I am not the Secretary of Transportation. Mr. Chairman, Chairman Bliley, and members of the committee, it is a special privilege to be here on behalf of Governor Gilmore and the Commonwealth of Virginia, and for me personally, to talk about this important legislation for two reasons. First, you may not know I spent 13 years up here, most of which as Congressman Horton's staff director on government operations. Second, I have often wondered what it would be like to sit on this side of the table. Recalling some of your investigations, I have often preferred not to. It is a special privilege to be before this committee because I believe--and I know Governor Gilmore believes--that in terms of the technology environment for the United States, this committee has done far more than the general population appreciates in terms of setting that environment: the Telecommunications Act, the Internet Tax Freedom Act, and now digital signatures. I would like to suggest that from Virginia's point of view, the action that you are taking in considering this legislation focuses on digital signature. But is more important than that; it is about commerce. It is about the United States and the competitive advantage we have in an electronic world. The legislation, in our point of view, reflects the U.S. global framework on Internet policy, which we endorse and include as part of our comprehensive Internet proposal. We focused upon the framework established at the Federal level, which generally suggested that the private sector should continue to lead. We should be very careful about imposing standards and restrictions on a medium that has just grown incredibly fast on its own and developed its own uniformity through market forces. I am here to speak in support of H.R. 1714. First, it keeps the United States moving forward in terms of our competitive advantage by stating that where signatures are required in legally binding instruments, electronic signatures will satisfy that requirement. On the other hand, you give the contracting parties and the States the flexibility to enact standards amongst themselves that satisfy that basic fundamental requirement. This is important, we believe, for a significant reason; and that is if we impose technology standards, all of us know how quickly that technology changes. There are different levels of authentication required for different kinds of transactions. So I applaud the flexibility provided. In Virginia, I would like to say these same principles guided the formulation of our current law on electronic signatures. Our law, simply stated, establishes the following; first, where any Virginia law requires a signature, or provides for certain consequences in the absence of a signature, that law is satisfied by an electronic signature. Second, electronic signatures must meet certain functional requirements. They must be unique to the signer; capable of verification; under the signer's sole control; linked to the record in such a manner that it can be determined that any data contained in the record was changed subsequent to the electronic signature being affixed; and created by a method appropriately reliable for the purposes for which the electronic signature was used. We in the Commonwealth believe that our approach to electronic signature legislation allows the private sector to lead; avoids undue restrictions on electronic commerce; and establishes a simple, yet enforceable set of functional requirements. That is what I think the legislation that you are considering before this committee does. I think it complements what is the beauty of this medium and the electronic environment. It is doing fine on its own; but the government, being an enabler--and not an imposer or an impeder--is important. I think it is reflective of the work in this legislation. [The prepared statement of Donald W. Upson follows:] Prepared Statement of Hon. Donald W. Upson, Secretary of Technology, Commonwealth of Virginia Mr. Chairman and members of the Subcommittee, good morning. On behalf of Governor Gilmore and the Commonwealth of Virginia, I extend my appreciation for the opportunity to address members of Congress regarding the important topic of electronic commerce and, more specifically, the issue of electronic signatures. Electronic commerce over the Internet is a centerpiece of the global information revolution. Virginia is the Internet capital of the world. In addition to being the birthplace of the Internet, almost half of the Internet backbone is in Virginia and nearly half of all online service subscribers are served by companies located in the Commonwealth. Accordingly, Virginia has taken the lead in establishing model policies that empower her citizens to reap the full benefit of technological opportunities like electronic commerce. Because citizens are going on-line at an ever-increasing rate, electronic commerce is at once global, national and local in both scope and impact. Sound policy, at both the national and local level is essential for both the Internet and on-line commerce to reach their full potential. It is our hope that intelligent local policy will flow smoothly into sound federal policy, which in turn will cascade into a sensible global policy. However, inappropriate policy can be detrimental. I think this point is best illustrated by a quote from Governor Gilmore, who said, ``Government can act in ways that will enhance this new technology, speed its development and growth, and encourage the fulfillment of its potential to improve our lives. Just as surely, it can erect roadblocks to progress that result in new ideas being left to atrophy and the stream of progress slowing to a stagnant pool.'' We believe that the Commonwealth of Virginia is crafting the right local policy for Internet based commerce, a model of government facilitation of responsible industry and citizenry empowerment. Unlike other mediums, the Internet allows for an unprecedented amount of choice and control over use of the medium. Technology and market-based solutions can and should be used to address many of the concerns that have been brought on by technology and the market itself. These solutions should be encouraged because they have the potential to exceed the effectiveness of traditional legal approaches. They are fueled by competition for ``consumer satisfaction,'' which is at the heart of every business plan. As the profit motive drives companies to compete to provide better customer experience, it also sets off a race for better protections than traditional regulations would be likely to achieve. Whenever such traditional regulatory schemes are unavoidable, however, (i.e. where technology and market- based programs have been ineffective) we in the Commonwealth believe they should focus only on the responsible empowerment of citizens and industry. Once again, our approach to electronic commerce in Virginia, to include electronic signatures, has not been the traditional ``top- down'' model that provides solutions dictated by government to industry, but more of a partnership with all the individuals and groups that have an interest in the creation of technology policy. Governor Gilmore believes in a ``stakeholder'' driven process that includes industry representatives as equal partners with government to address the complex issues that surround the Internet and electronic commerce. Our approach is based upon the inventive principles detailed in the 1997 U.S. ``Framework for Global Electronic Commerce.'' As you know, this framework has been widely supported by industry. It was with these five principles in mind that Virginia recently passed the most comprehensive Internet legislation in the country. In December 1998, Governor Gilmore's Commission on Information Technology issued a series of recommendations contained in a report entitled: ``Toward A Comprehensive Internet Policy for the Commonwealth of Virginia.'' That report focussed on the expanding use of the Internet and electronic commerce in Virginia. The 1999 General Assembly adopted several pieces of legislation that, taken together, embody the Commission's recommendations for a Virginia Internet Policy Act. These principles, which reflect the need for global cooperation spurred by technological and market-driven solutions, are as follows: 1. The private sector should lead. Though government played a role in financing the initial development of the Internet, its expansion has been driven primarily by the private sector. 2. Governments should avoid undue restrictions on electronic commerce. Parties should be able to enter into legitimate agreements to buy and sell products and services across the Internet with minimal government involvement or intervention. 3. Where governmental involvement is needed, its aim should be to support and enforce a predictable, minimalist, consistent and simple legal environment for commerce. In some areas, government agreements may prove necessary to facilitate electronic commerce and protect consumers. In these cases, governments should establish a predictable and simple legal environment based on a decentralized, contractual model of law rather than one based on top-down regulation. 4. Governments should recognize the unique qualities of the Internet (and commerce over the Internet). The genius and explosive success of the Internet can be attributed in part to its decentralized nature and to its tradition of bottom-up governance. Existing laws and regulations that may hinder electronic commerce should be reviewed and revised or eliminated to reflect the needs of the new electronic age. Finally, and maybe most importantly, 5. Electronic Commerce over the Internet should be facilitated on a global basis. The Internet is emerging as a global marketplace. The legal framework supporting commercial transactions on the Internet should be governed by consistent principles across state, national, and international borders that lead to predictable results regardless of the jurisdiction in which a particular buyer or seller resides. Each one of these principles is reflected in the Virginia approach and the separate pieces of legislation and law that comprise our Internet Policy Act. For example, our encryption ``resolution'' law states that there should be no interference from government regarding the level of encryption businesses wish to employ to protect their property. Moreover, our laws regarding ``spam'' and ``content'' do not restrict any of our freedoms with undue government interference and regulation, but severely punish those individuals and groups for abusing the rights and privileges guaranteed by this medium and protects the growth of this form of commerce. These same principles also guided the formulation of the current Virginia law on electronic signatures. Simply stated, that law establishes the following: 1. Where any Virginia law requires a signature, or provides for certain consequences in the absence of a signature, that law is satisfied by an electronic signature. 2. Electronic signatures must meet certain functional requirements. They must be: (a) unique to the signer; (b) capable of verification; (c) under the signer's sole control; (d) linked to the record in such a manner that it can be determined if any data contained in the record was changed subsequent to the electronic signature being affixed to the record; and, (e) created by a method appropriately reliable for the purpose for which the electronic signature was used. We in the Commonwealth believe that our approach to electronic signature legislation: allows the private sector to lead; avoids undue restrictions on electronic commerce; and, establishes a simple yet enforceable set of functional requirements. Our approach does not discriminate in favor of or against any particular technology or company. It is also clear that if electronic signatures are to become a convenient and widely used part of everyday business, for either the private sector or for government, we must simplify the means of authenticating digital certificates. If there are dozens of sources with which you must register your private key or must go to in order to authenticate a key provided to you, the process will be too cumbersome for many to participate in, and artificially expensive for the rest. Virginia is moving to simplify the process for state government purposes and is headed in the direction of a central authentication source. While we are doing this, we must also look at what the proper role of (state) government is in facilitating or even providing a central source for authentication of certificates used in commerce and legal proceedings in Virginia. Governor Gilmore plans to issue an executive order requiring my office, with the assistance of several other state agencies, to review available alternatives and recommend a plan to facilitate the use and authentication of electronic signatures by both the public and private sectors in the Commonwealth. We hope to achieve several results once our plan is fully implemented, including more efficient and expeditious transactions between government, individuals and those businesses that contract with government. We also hope to raise consumer confidence through the use of electronic signatures in government transactions, such as renewing your driver's license on-line. Once the citizens of the Commonwealth are comfortable with these types of transactions, they will then feel more comfortable purchasing goods and services on the Internet in the private sector. Again, emphasis is on ``facilitation.'' With this important background in mind, I have reviewed the draft of H.R.1714 and offer these specific comments regarding the proposed legislation: 1. First, it is certainly prudent for members of Congress and the House Committee on Commerce to examine critical issues surrounding electronic commerce over the Internet. The Commerce Committee has always been at the forefront of technology issues, and has been especially effective under the leadership of its relatively new Chairman, Tom Bliley, and the Telecommunications Subcommittee Chairman, Billy Tauzin. One of the first, great achievements of this Committee under Chairman Bliley was enactment of telecommunications reform in 1996. Now, more Americans are going on-line in ever increasing numbers. They want to be able to conduct business over the Internet with confidence and peace of mind. Legislation, like H.R. 1714, which promotes that confidence, is most appropriate. 2. Second, national and international commerce has entered upon a sea change. The private sector of our economy is no less concerned than government with security issues surrounding the use of electronic commerce. I firmly believe that we must allow the market a chance to operate. We in the Commonwealth support the overall approach you have taken in H.R. 1714. The bill facilitates electronic commerce without placing undue restrictions on those who choose to do business on-line. It clearly supports the principles, contained in the 1997 U.S. ``Framework for Global Electronic Commerce,'' that have guided our legislative efforts in Virginia. 3. Finally, I strongly support the requirement for continued inquiry and consultation regarding impediments to electronic commerce contained in H.R.1714. It is our plan in Virginia to monitor the implementation of Web-enabled government, including electronic commerce, through the establishment of a Web-based Commonwealth ``best practices'' center. The rapid evolution of this technology demands our full attention, so that we may continue to benefit from its use. At this time, I ask that I be permitted to offer one recommendation to the Electronic Signatures in Global and National Commerce Act, and that is the following: amend this draft legislation to include a provision establishing a national best practices center to further promote on-line commerce initiatives. It is my hope that Virginia will be able to work in consultation with the Secretary of Commerce to establish a similar Web-based center at the national level. In closing, I would like to again thank you for the opportunity to present the Virginia perspective on the issues of electronic commerce and electronic signatures. We support what you are doing and stand ready to provide appropriate assistance. Mr. Tauzin. Thank you very much, Mr. Secretary. The Chair would now interrupt the proceedings and ask you all to join with me in welcoming an honored guest who has arrived and will be honored at a luncheon later today. Mr. Yoshio Utsumi, the newly elected Secretary General of the International Telecommunications Union, is with us today. Mr. Utsumi, if you would be recognized. We all want to welcome you here today. The Chair is now pleased to introduce and welcome for his testimony, Mr. Jeffrey Skogen, Internet Market Manager for Ford Motor Credit Department in Dearborn, Michigan. Jeffrey, if you would please summarize your statement for us. STATEMENT OF JEFFREY SKOGEN Mr. Skogen. Good morning, Mr. Chairman and members of the committee. I am Jeff Skogen, Internet Marketing Manager for Ford Motor Company in Dearborn, Michigan. I appreciate the opportunity to appear before the subcommittee. The Ford Motor Credit Company is the world's largest company dedicated to automotive finance, with more than 8 million customers in 36 countries. Ford Credit is continuously looking for ways to improve the value of its service that it delivers to its customers. Consumer power to choose and business' ability to meet consumers' and marketplace demands will be enhanced by the establishment of a reliable, trusted, cost-efficient flow of electronic commerce. For that reason, we are committed to harnessing the efficiencies that electronic commerce represents. Electronic commerce is the exciting medium of business growth and consumer convenience. It is integral to the rapid development of a global, information-based economy that appears destined to coexist with the traditional industrial model. Electronic signatures are a fundamental building block for electronic commerce itself. They are the key to the widespread use and acceptance of electronic commerce. H.R. 1714 would facilitate transactions on the Internet and other electronic paperless transactions for dealer and consumer contracts by assuring that they are given the full legal validity of a written contract. Our research shows that 57 percent of consumers in the market for a new vehicle within the next year prefer to research their automotive purchases online. Forty-four percent of consumers who use the Internet online services have visited a financial website. About one-third of the customers want to at least start the financing process online, according the Ford Credit's research. Ford Credit has implemented a new credit-approval process called ``Auto Apply,'' which customers can use to complete a credit application and securely send it to Ford Credit via the Internet. Ford Credit provides a decision online for the customer and their preferred dealer, usually within minutes of receiving the application at the company's website. While Ford Credit offers online approval through the dealers, its customers must still physically go to the dealership to sign the credit application and the contract. With the electronic signatures, the entire transaction could be handled online, making the process easier and more efficient for everyone involved. In addition, we offer customer electronic funds transfer online, allowing them to enroll in the program; make a change, or cancel payments drawn directly from their checking account. Uniform standards for electronic signatures would enhance the public confidence in online applications of electronic commerce like electronic funds transfer. We believe the United States should be actively involved in the development of uniform global standards for electronic signatures and commerce. The lack of uniform, nationwide rules may inhibit our country's ability to influence development beyond its borders. Therefore, it is appropriate to consider the establishment of a Federal standard or uniform guidelines. I appreciate the opportunity to appear before you this morning. I will be happy to answer any of your questions. [The prepared statement of Jeffrey Skogen follows:] Prepared Statement of Jeffrey Skogen, Internet Marketing Manager, Ford Motor Credit Company Good morning, Mr. Chairman and members of the Subcommittee. I am Jeffrey Skogen, Internet Marketing Manager for Ford Motor Credit Company in Dearborn, Michigan. I appreciate the opportunity to appear before the Subcommittee. Ford Motor Credit Company is the world's largest company dedicated to automotive finance with more the 8 million customers in 36 countries. Ford Credit is continuously seeking ways to improve the value of the services it delivers to customers. Consumers' power to choose and businesses' ability to meet consumer and marketplace demands will be enhanced by the establishment of a reliable, trusted, cost-efficient flow of electronic commerce. For that reason, we are committed to harnessing the efficiencies that electronic commerce represents. Electronic commerce is the exciting medium for business growth and consumer convenience. It is integral to the rapid development of a global information-based economy that appears destined to coexist with the traditional industrial model. Electronic signatures are a fundamental building block for electronic commerce itself and they are the key to the widespread use and acceptance of electronic commerce. H.R. 1714, the Electronic Signatures in Global and National Commerce Act, lays the foundation for nationwide acceptance of electronic signatures. H.R. 1714 begins the process of removing operational and legal obstacles to the broad-scale use of electronic commerce. In addition, the bill would promote the certainty necessary to conducting electronic commerce on a national and international basis. The ability to establish binding legal contracts between unaffiliated parties is clear when the transaction is documented on paper or, in the alternative, where the parties conduct their transactions face to face. In these physical world environments, identities of the parties are invariably firmly established and certain. In the electronic marketplace, acceptance of electronically authenticated signatures in lieu of paper signatures is necessary; without it the transaction which was advertised, negotiated and agreed upon electronically still has to be ``consummated'' with a paper document. This bill would facilitate transactions on the Internet and other electronic paperless transactions for dealer and consumer contracts by assuring that they are given the full legal validity of a written contract. Our research shows that 57 percent of consumers in the market for a new vehicle within the next year prefer to research their automotive purchase online and 44 percent of consumers who use the Internet or online services have visited financial sites. About one-third of customers want to at least start the financing process online, according to Ford Credit research. Ford Credit has implemented a new credit approval process--Auto Apply--which customers can use to complete a credit application and securely send it to Ford Credit via the Internet. Ford Credit provides a decision online for customers, and their preferred dealer, usually within minutes of receiving the application at the Company's web site. While Ford Credit offers online credit approval through its dealers, its customers must still physically go to the dealership to sign the credit application and contract. With electronic signatures the entire transaction could be handled online making the process easier and more efficient for everyone involved. In addition, we offer our customers electronic funds transfer (EFT) online allowing them to enroll in the program, make changes or cancel payments drawn directly from their checking account. Uniform standards for electronic signatures would enhance public confidence in online applications of electronic commerce like EFT. Technology neutrality is another necessary component of efficient electronic commerce. Recent advances in electronic and digital technology severely test the ability of government policymakers, regulators, and legislators to remain knowledgeable about the latest technology and its application. In addition, these rapid developments easily outdistance the traditional legislative and regulatory processes. Technology neutrality will serve to guard against regulations that quickly become outdated and impede the development of electronic commerce, both domestically and internationally. We believe the United States should be actively involved in the development of uniform global standards for electronic signatures and commerce. The lack of uniform nationwide rules may inhibit our country's ability to influence developments beyond its borders. Therefore, it is appropriate to consider the establishment of a federal standard or uniform guidelines. I appreciate the opportunity to have appeared before you this morning. I would be happy to answer any questions you may have. Thank you. Mr. Tauzin. Thank you very much, Mr. Skogen. The Chair is now pleased to recognize Mr. Daniel Greenwood, Deputy General Counsel, Information Technology Division, Commonwealth of Massachusetts. I am sure if Mr. Markey were here, he would want to issue a special welcome to you, Mr. Greenwood. STATEMENT OF DANIEL GREENWOOD Mr. Greenwood. Thank you very much, Mr. Chairman and members of the subcommittee. On behalf of the Commonwealth of Massachusetts, I really do appreciate the opportunity to testify today on H.R. 1714, the Electronic Signatures in Global and National Commerce Act, ``E-SIGN.'' I should probably depart from my remarks to indicate that you have won the important battle in this town of the best, all-time acronym for bills in this area: E-SIGN. Mr. Tauzin. That is an important title around here. We appreciate it. Mr. Greenwood. It just rolls off the tongue--back to the merits for a moment. To the extent that H.R. 1714 does facilitate a national baseline and a consistent legal infrastructure that supports electronic commerce without unduly disrupting related areas of State law, we believe that it does deserve very serious consideration; and it does deserve support. While we think the current language in certain sections ought to be looked at further, and the legislation should be honed to avoid some disruptions in related areas of State law; it does seem clear to us that the objectives of your legislation are wholly consistent with the Commonwealth's policy to assure a sound foundation for electronic commerce. Last month, the Commonwealth went on record supporting the Abraham legislation in the Senate, S. 761, which by our lights supports very similar principles. It does set a minimum national framework. When we are looking at legislation from a State perspective in Massachusetts, and evaluating whether or not it really should succeed from a preemption perspective and from a perspective of supporting e-commerce and commercial law generally; we ask these types of questions: is the legislation narrowly tailored to address existing and well-understood market failures, or failures in law? In other words, is it minimalist? Is it doing only what is necessary to right a wrong, or to facilitate a place where the free market--or at least our existing market system--is not operating optimally? Does it promote a competitive marketplace for different technologies? This has been mentioned a couple of times today. Locking into a single technology for authentication or electronic records, in our view, is not generally a good idea. Federal legislation can have a negative effect by distorting the market. We also ask whether it includes any new or expanded regulation, or other government intervention; including a legislatively created accreditation, or some other government approval or control that is necessary for technology providers or users. It is our view that, especially in the e-commerce area, we are looking at an economic sector that is quite decentralized. It is almost self-organizing and distributed, the way that it is put together. Therefore, legislation that centralizes the market players for the purpose of controlling and regulating them is a bad idea. Finally, does the legislation disrupt other bodies of law? Does it unduly preempt State jurisdiction? This is what I would like to talk about in a little bit more detail. We think there are compelling arguments that favor generally keeping governance of commerce under State jurisdiction, where it primarily exists today under the Uniform Commercial Code and related law. The provided law is sufficiently harmonized so as not to present undue barriers to interstate commerce. We think generally States are more agile. We are somewhat smaller. We can react somewhat more quickly to changing market conditions and that is going to be particularly important in this e- commerce space. However, there are certainly cases where the national interest requires that Federal action does preempt State law. This has long been accepted when States create undue impediments to interstate commerce. The fact that--as has been noted this morning, many times, so far--we have enacted so many different laws governing electronic signatures and records has clearly been a contributor to the current efforts for Federal action. If States were to quickly pass uniform law in this area, we believe that it is likely that the legitimate private-sector interests in a national baseline would be satisfied. It would be satisfied through the uniform law process. We think, in the end, this is the preferred method of creating a baseline. The draft Uniform Electronic Transactions Act, which Andy Pincus had mentioned, represents at this point the single best, most- comprehensive, legislative effort to date. It causes no serious legal disruptions in other areas of law. It comprehensively deals with many issues about contract formation, contract interpretation, and notice requirements--all of the secondary and third-level issues that are implicated when one lists legal barriers to using electronic records. There are many interdependencies with many areas of law. These people have done a very good job through a multi-year, open process, with a lot of State law experts in the public sector and the private sector deliberately going through all of these interrelated areas of law and crafting a very good, comprehensive act. We have a problem in the timing, which has been pointed out very convincingly, I think, by advocates for the private sector. They need legal reform soon. I think the objectives of the legislation today, H.R. 1714, are evidently crafted to satisfy the legitimate interests of industry to come with some baseline quicker as we wait for uniform law to evolve. Looking at the criteria I mentioned, the bill really can directly satisfy the industry needs without disrupting these other policy concerns. I would request the privilege to add an addendum to my remarks within 30 days, under House rules, for the purpose of providing some more detailed comments on some the precise provisions of the current language as they relate to some of these other areas of State law and to the emerging Uniform Electronic Transactions Act. Mr. Shimkus [presiding]. There is no one here to object, so I will let you do it. How about that? Mr. Greenwood. Thank you, sir. The long and short of it is we support the principles that appear to underlie this legislation. We would look forward for an opportunity to continue to offer any service or assistance we can to this committee and the other committees that are working on the legislation as you try to work through the very complicated issues with State law. Thank you, again, for the opportunity to testify today. [The prepared statement of Daniel Greenwood follows:] Prepared Statement of Daniel Greenwood Deputy General Counsel for the Information Technology Division, Commonwealth of Massachusetts Mr. Chairman, members of the Subcommittee, on behalf of the Commonwealth of Massachusetts, thank you for the opportunity to testify today on House Bill 1714, the Electronic Signature in Global and National Commerce Act (E-SIGN). The Commonwealth is home to many information age businesses and our state government is a robust user of electronic commerce technologies. As such, the Commonwealth of Massachusetts has had significant experience with the legal and policy implications of electronic authentication technologies. It has been the policy of the Commonwealth to promote the growth of our emerging electronic commerce industry in a non-regulatory, market-driven fashion. To the extent that H.R. 1714 facilitates creation of a national consistent legal infrastructure supporting electronic commerce without unduly disrupting related areas of state law, it deserves serious consideration and support. While the current language of the bill contains certain provisions that would benefit from further honing, it seems clear that the objectives of this legislation are wholly consistent with the Commonwealth's policy to assure a sound foundation for electronic commerce. Our desire is to indicate the ways in which this bill can be helpful and to constructively suggest some alternative formulations of certain sections for the purpose of achieving the bill's goals without causing harm to ongoing efforts at the state level to develop more uniform electronic commerce law as part of the overall uniform state commercial legal framework. Last month, the Commonwealth went on record before the Senate in support of S. 761, by Senator Abraham, which promotes a national legal base-line on certain issues related to electronic commerce transaction contracts and usage of electronic signatures and records. In an Issues Brief dated April 19, 1999, the National Governor's Association questioned the need for federal legislation, but characterized the Abraham bill as follows: ``Despite the preemption contained in the Millennium Digital Commerce Act, the legislation is fairly friendly to states' interests. The bill's scope is carefully restricted to interstate commercial transactions, over which Congress has jurisdiction through the Commerce Clause. The drafters of the bill have made a concerted effort to avoid interfering with areas of state law that involve records and signatures that are unrelated to interstate commerce.'' [http://www.nga.org/Pubs/ IssueBriefs/1999/990419FedDigitalSigs.asp] It seems clear that the Abraham bill and H.R. 1714 have very similar goals and are on corresponding tracks through each respective chamber. It is hoped that the final version of H.R. 1714 is refined so as to avoid the problems associated with undue interference with legitimate areas of state laws governing records, signatures and contracts. Assuming that such amendments occur, then this bill would clearly meet the stated interests of electronic commerce industry advocates who have voiced a desire for legal reforms to provide greater certainty in the short term. background Conventional wisdom is evolving regarding the appropriate scope of legislative action effecting electronic commerce. Despite a brief fad in the mid-1990s favoring a regulatory, technology-specific approach to electronic commerce, the vast majority of state governments have recently opted for a minimalist, non-regulatory and technology-neutral stance. Unfortunately, certain foreign jurisdictions and international organizations seem to be several years behind the United States and are currently adopting regulatory, technology specific, and centralized policies regarding electronic commerce generally. Fortunately, both H.R. 1714 and the Abraham bill reflect the U.S. preference favoring free and competitive markets, rather than government intervention. In 1995, Utah was the first jurisdiction in the world to enact ``digital signature'' legislation. Reflecting the trends of the time, this law is regulatory (it empowered a state agency to license providers); technology-specific (public key cryptography); promotes a certain business model and implementation (trusted third parties and digital certificates); increases e-commerce user liability (by limiting provider liability); and reverses age-old evidentiary rules regarding proof of signatures (by providing a presumption against the signature technology user). The passage of time indicates that this approach went too far and created unintended market distortions. In fact, it has not even been generally favored by the very industry it was enacted to promote (virtually every major certificate provider has chosen not to become licensed in the three states--Washington, Minnesota, and Utah--that attempted to regulate their fledgling product or service sector. Over the past few years, a broad convergence in activity and published policy has evidenced a solid and growing consensus that government actions effecting electronic commerce should generally be non-regulatory, technology neutral, support the rights of parties to structure their business models and technical implementations through contracts and agreements and should not tamper with rules of evidence and liability apportionment as an industrial policy setting mechanism. The last point, regarding tampering with rules of evidence, bears some additional explanation. There have been proponents of legislation at the state and the federal level which would create an evidentiary presumption against the user of an electronic signature. The rationale was that receivers of electronically signed messages deserve special government protection. This rationale fails to recognize that the proponent of such evidence should be the party with the burden to prove that the signature occurred. Likewise, the receiver of the signature is in the best position to judge the reliability of the authentication in the context of the value of the transaction, and they are the party most likely to have the relevant evidence that a signature was presented to them. Again, both H.R. 1714 and the Abraham language reflects these time-honored legal principles. The application of these general principles to electronic commerce is swiftly gained wide acceptance over the past few years. In the 1997 Framework for Global Electronic Commerce, the Clinton Administration articulated principles supporting a technology-neutral approach to electronic commerce, and opposing regulation. Likewise, in 1997, the Internet Law and Policy Forum drafted a set of principles that promoted a thriving market and strongly resisted regulation (see: http:// www.ilpf.org/digsig/principles.htm). And in the Telecommunications Act of 1996, Congress expressly found that ``[t]he Internet and other interactive computer services have flourished, to the benefit of all Americans, with a minimum of government regulation'' and declared that ``[i]t is the policy of the United States . . . to preserve the vibrant and competitive free market that presently exists for the Internet and other interactive computer services, unfettered by Federal or State regulation.'' The Commonwealth was pleased to work with Senator Abraham's office and the office of Congresswoman Eshoo on the Government Paperwork Elimination Act last session, which also largely embodied these principles. Over the past two years innumerable additional such positions, statements and policies among states and the federal government as well as from various private organizations. general criteria for legislation The success or failure of legislation governing e-commerce this session should be based on the answers to five fundamental questions. 1. Is the legislation narrowly tailored to address existing and well understood market failures? Another word for this is ``minimalist'' in other words, limited to address only what is currently necessary and appropriate. The chances of ``doing no harm'' are increased dramatically when government intervention in the private market is closely restricted to fixing specific and demonstrated problems that the market and existing laws have failed to address. This is especially true in the fast growing and dynamic area of electronic commerce. Relatively small changes in law can have the effect of chilling competition or otherwise distorting the free evolution of efficient solutions in the quickly moving and difficult to predict e-commerce field. Specifically, legislation that focuses on or includes provisions dealing with business or consumer rights or liabilities connected with the use of a public key infrastructure or other particular technologies that are not yet widely used may create harmful and unnecessary results. The actual problems may well turn out to be different than the projected issues. 2. Does it promote a competitive marketplace for different technologies? Legislation should promote, rather than chill, competition. That means Congress should avoid legislating a market winner. Another way to look at this criteria would be: ``is it technology-neutral or does it give a special legislative 'leg up' to a given technology, business model or implementation available for general use in the market?'' It is unfortunately common that special interests that stand to benefit from market intervention often lobby for such government action. In the case of electronic commerce, however, it seems clear that the best government action with respect to promotion and facilitation of that market is usually no action at all. By enshrining a given technology in legislation, government action may have the counter-effect of reducing incentives for further improvements and innovations. Legislation can distort the technology markets by regulating the security or reliability criteria that must be applied to create an electronic signature even if it stops short of specifying the particular technology necessary. These types of criteria usually include a requirement that the signature technology is under the ``sole control'' of the signer and that it can detect or prevent any change to the signed record. These particular implementations may be appropriate in some, perhaps many, situations. However, the specific security features necessary and appropriate will differ dramatically depending upon the transaction and the parties' needs. For example, a ``signature machine'' (e.g. an institutional check signing mechanism) is clearly not under the ``sole control'' of the signer. In fact, it is doubtful that a treasurer, comptroller or CFO of an institution has any direct contact at all. The same is true of non-check organizational authentication of many types. It is accessible to several authorized individuals and there are internal controls and systemic security measures in place. Similarly, many popular and adequately safe authentication implementations do not, by themselves, detect or prevent alteration of underlying data. Most PIN and password systems in use today in banking, healthcare, commerce and elsewhere do not possess this specific feature. Nor do many biometric products. Current implementations live or die based on buyers and users making cost, benefit and risk judgements about the amount of reliability and types of security features needed. Well-intentioned attempts by legislators to come up with a ``one size fits all'' approach to signature technology features are doomed. The Uniform Electronic Transactions Act at one time had such criteria, but based upon months of discussion it now reflects and supports the common law definition of signature: any symbol executed with the intent to sign. In narrow cases where legislation is dealing with specific user communities (like a Securities context or a Consumer Protection issue) then it may be appropriate to specify more specific requirements, but general legislation covering every economic and social sector should never distort the competitive and open market for electronic signature and records technologies. 3. Does it include any new or expanded regulation or other government intervention, including legislatively created ``accreditation'' through government approval or control over technology suppliers or users? It is increasingly obvious that the United States stands at the opening of a substantively different economic and societal phase: some call it the information society. The economic impacts are profound. Decentralized, self-organizing and distributed systems are gaining dominance. Old industries built on intermediating relationships are disappearing as the Internet and other technologies eliminate the barriers that created a need for such middle-men. Fast changing, dynamic, and rapidly growing markets are evolving before our eyes--in many cases, markets which are little understood. Unfortunately, some advocates continue to promote industrial-era policy designed for economic and social conditions of the last century. Industrial organizations were inherently centralized and regulations were correspondingly focused at the ``choke points.'' Internet-mediated communications and new forms of relationships between parties are often--and increasingly--organized differently. Centralization of market participants for the sole purpose of making them easier to regulate for government is wrong. And such a policy risks killing the goose to control its eggs. Requiring government licensure of market suppliers or setting up so-called ``self regulatory organizations'' (which in fact are under the thumb of federal or state regulators) is antithetical to the new economy. Absent serious market failures, government should resist erecting new oversight and control mechanisms over any part of electronic commerce. There are, of course, a large number of existing statutes, regulations and legal doctrines that create a floor of behavior to handle crime, fraud, and threats to national security. These laws currently appear to be quite adequate to prevent known harms. One useful policy approach is modeled in the draft report developed by the NACHA Certificate Authority Ratings and Trust Task Force, which seek to give parties helpful guidelines, including detailed policy and contractual terms, to assist in the creation of legally enforceable and reliable implementation of authentication technology (background information at: www.state.ma.us/itd/legal). This is an example of a ``bottom up'' approach rather than an approach that favors central policy making or regulatory oversight. Legislation should simply lift legal barriers and thereby allow parties to use existing bodies of law, such as contract law, to tailor their transactions to their own needs. Ultimately, as national standards and practices emerge, they will be based upon actual proven market experience and they will be far better than any scheme anyone can dream up today through central planning. The current draft 1.0 of the NACHA CARAT Guidelines is available at: http:/ /internetcouncil.nacha.org/CARAT/CARAT921.DOC on the web. A ginchy example of contractually based Operating Rules that are consistent with the CARAT Guidelines can be found at http://www.emall.isa.us/ (a multistate electronic commerce procurement project to buy goods over the web from several private vendors). 4. Does the legislation disrupt other bodies of law or unduly preempt state jurisdiction over commercial law? There are compelling arguments in favor of generally keeping governance of commerce under state jurisdiction, provided the law is sufficiently harmonized so as not to present an undue barrier to interstate commerce. States are far more agile than the federal government in responding quickly to changing market conditions. As such, states serve as important laboratories of innovation in the realm of public policy and law. The arguments are particularly strong for continuing state primacy in the context of electronic signatures, records and contracts, because a signature or a record requirement arises under innumerable other areas of state law. A single federal law that purported to grant legal equivalency for electronic signatures, for example, would almost certainly have the effect of creating significant disruptions in areas of state law that have nothing to do with commerce, such as wills, trusts, powers of attorney, consumer protections, real estate deeds, negotiable instruments, notice requirements, elections law, hospital regulation, and state criminal justice laws. Massachusetts, for example, has some 4,515 different sections of law that relate to a signing or writing. (See: http://www.state.ma.us/itd/legal/siglaw4.doc ) However, in some cases, the needs of the nation require that federal action preempt state law. This has been long accepted where states create undue impediments to interstate commerce. The fact that states have adopted such a dizzying array of different laws dealing with electronic signatures and records has been a major contributor to the current efforts for federal action. If states quickly pass uniform law in this area, it is likely that legitimate private sector interests in a national baseline will be satisfied through uniform state law. This is the preferred method of creating the base-line because the draft Uniform Electronic Transactions Act (UETA) clearly represents the single best, most comprehensive, well principled legislative effort to date and, importantly, it causes few or no serious legal disruptions or other harm because it is finely integrated with other areas of law. No federal law yet proposed (or likely to emerge) can claim the same features--in part because the National Conference of Commissioners on Uniform State Law has sponsored a multi-year deliberative process in which interested parties from the public and private sectors have collaborated in open forums to work through these complex and subtle issues. However, to the extent that commercial interests make a convincing case that faster action is needed than can be accommodated via the uniform law process, then the Commonwealth has already gone on record as supporting narrow and temporary federal ``bridge'' legislation to produce the necessary legal national base-line. The key criteria for any such bridge legislation is that it must be narrowly tailored to address only those matters upon which immediate action is needed (as distinct from matters that can wait for uniform state law) and that it provide a statutory mechanism that reverts jurisdiction back to the states upon adoption of a consistent base-line legal framework. Since the UETA appears poised to shepherd in such a framework, any federal law in this arena should recognize and promote this uniform law effort. 5. Does the legislation give an undue competitive advantage in this new market to a single industry or economic sector over participants of other economic sectors? Legislation should not grant any particular sector a special leg up by government. If legislation lifts general legal barriers or solves general problems for only a specific sector of the economy, then an undue competitive advantage may result in unfortunate market distortions. Promoting competition among different sectors in this area is good because many of the problems are far from being solved, and each sector bring its own resources, expertise and approaches to the solutions. Legislation granting special presumptions or validity upon electronic authentication when it is supplied only by vendors in a single market (say, by telecom companies, or network service providers, or licensed attorneys, or even financial institutions alone) runs the risk of ultimately harming, rather than promoting, optimal technical and business-model solutions that would arise from highly competitive marketplace interactions. summary and conclusion In summary, the apparent goals of H.R. 1714 are worthy of support. Private sector representatives have made a strong case before the House and Senate that some action is needed in the shorter term. The objectives of this legislation are evidently to satisfy these legitimate interests of industry without unduly harming related areas of state law. Review of the bill based upon the five question asked above indicates that this legislation, with some modifications, can directly satisfy key principles for electronic commerce legislation. I request the privilege to add an addendum to these written remarks within the next 30 days which will provide more detailed comments on the precise provisions of the current legislative language as they relate to state law and to suggest possible alternative formulations. We anticipate these comments will focus largely on limiting the scope of Title I to contracts effectuating interstate commerce transactions (as opposed to including all agreements that may affect interstate commerce); assuring that the operative provisions of the law merely accord legal status upon electronic transactions that is equivalent to what those transactions would receive if they were carried out via other media (as opposed to granting whole new categories of rights and responsibilities only for electronic transactions); assuring that the formula for states to retrieve jurisdiction under the overall framework of existing commercial law is clear and promotes enactment of the UETA or an equivalent uniform law; minimizing or eliminating federal administrative oversight over state government affairs; and conforming definitions of electronic signatures and other key terms to existing and emerging bodies of law governing electronic transactions. Please do not hesitate to call upon my office as a supportive resource as this legislation continues to evolve. It is my sincere hope that we can assist you as you seek to hone some of the provisions of this bill to conform more closely to the principles set out above. Again, thank you for the chance to share our views today. Mr. Shimkus. Thank you. Our next witness is Mr. Ari Engelberg, Vice President of Strategic Web Development, Stamps.Com. Of course, your written statement is in the record. You may summarize for 5 minutes. Welcome. STATEMENT OF ARI ENGELBERG Mr. Engelberg. Mr. Chairman and members of the subcommittee, my name is Ari Engelberg. I am a founder of an Internet company called Stamps.Com. Stamps.Com, working in conjunction with the Information Based Indicium program at the United States Postal Service, has developed an exciting mainstream application of digital signature technology. I thought I would use my few minutes here this morning to tell you about a little bit about how our technology works and how it relates to this bill. What we are is one of the first companies to develop an e- commerce system that enables individuals and businesses to purchase and print U.S. postage over the Internet using nothing more than an ordinary laser or ink-jet printer. Our service is a simple one. Users download a small piece of software from our website, or from the website of one our partners. After a short registration process, which includes U.S. Postal Service meter licensing, users may purchase postage through a variety of payment methods including wire transfers and credit or debit cards. The postage payment is then transferred directly to the Postal Service. To print postage, users log onto their accounts on our postage servers over an encrypted link and designate a delivery address. The postage servers then perform a variety of functions. The user's postage balance is debited by the appropriate amount. Spelling and zip-code mistakes in the address are corrected by a national address data base to ensure higher address quality and more efficient mail piece routing through pre-barcoding. Most importantly, a digital signature is generated for each stamp, using a cryptographic key unique to each user. The digital signature is then sent back across the link to the user's P.C., where it is encoded in a two- dimensional barcode. This barcode is the security-critical portion of the Postal Service's new Information Based Indicium. Each of you has in front of you an envelope which is adorned with Internet postage. That is live postage and you may take that back and mail it back to your district office. The barcode on the envelope can be scanned using a hand-held or a stationary device. Through a system that connects the cryptographic keys generated by our postage service to a certificate authority maintained by the Postal Service, the authenticity of a given stamp can be ascertained. This system provides tremendous advantage to users. Postage is available 24 hours a day, 7 days a week from the desktop. Addresses are corrected by our data base to increase delivery reliability. Postage can be printed from within the word processors and personal information managers upon which so many small business professionals already rely. By transforming what was once a product--postage meters, into a service--Internet postage; Stamps.Com has fundamentally altered cost structures in this industry, making postage convenience more affordable to a broader share of the business and consumer population than traditional postage meters. The enterprise comprises one of the most complex, highly secure electronic commerce systems ever developed. It has been 2\1/2\ years in the making. Our system involves sophisticated cryptography, advanced data center operations, and secure financial transactions. The advantages of this advanced system are enabled by the security of the Information Based Indicium, and the security of a strong digital signature as a means of authentication of postage value. H.R. 1714 provides a welcome legislative foundation for furthering e-commerce by explicitly legitimizing electronic signatures as proof of contract acceptance. For the purposes of this discussion, each or indicium, or stamp, is a micro- contract authenticated by the electronic signature between Stamps.Com, the Post Office, and the customer. That is; if the customer uses Stamps.Com to pay for and print U.S. postage, the Post Office will deliver the mail. This contract, and the opportunity to offer this service, is made possible by the integrity, authenticity, and non-reputability of a strong digital signature. Thus, Stamps.Com strongly supports H.R. 1714. Thank you for the opportunity to testify. [The prepared statement of Ari Engelberg follows:] Prepared Statement of Ari Engelberg, Founder, Stamps.com, Inc. Mr. Chairman, Members of the Subcommittee: My name is Ari Engelberg. I am a founder of an Internet company called Stamps.com. Stamps.com is one of the first companies to develop an e-commerce system that enables individuals and businesses to purchase and print US postage over the Internet using nothing more than an ordinary laser or inkjet printer. Two and a half years ago, Stamps.com was founded upon the promise--and reality--of electronic commerce. Indeed, we have developed one of the few e-commerce applications to make possible the purchase and delivery of a product--in our case US postage--entirely online: the payment and service are bits; the inventory and shipment, ones and zeroes. Our service is a simple one. Users download a small piece of software from our web site, or the web site of one of our partners. After a short registration process, which includes US Postal Service licensing, users may purchase postage through a variety of payment methods including wire transfers and credit or debit cards. The postage payment is transferred directly to the Postal Service To print postage, users login to their accounts on our Postage Servers over an encrypted link and designate a delivery address. The Postage Servers then perform a variety of functions: The user's postage balance is debited by the appropriate amount. Spelling and ZIP Code mistakes in the address are corrected by a national address database to ensure higher address quality and more efficient mailpiece routing through pre-barcoding. And, most importantly, a digital signature is generated for each stamp using a cryptographic key unique to each user. The digital signature is then sent back across the link to the user's PC, where it is encoded in a two-dimensional barcode. This barcode is the security-critical portion of the Postal Service's new Information Based Indicium. It can be scanned using hand-held or stationary devices, and through a system that connects the cryptographic keys generated by our Postage Servers to a Certificate Authority maintained by the Postal Service, the authenticity of a given stamp can be ascertained. The system provides tremendous advantage to users. Postage is available 24 hours a day, 7 days a week from the desktop. Addresses are corrected by our database to increase delivery reliability. Postage can be printed from within the word processors and personal information managers upon which so many small business professionals already rely. And, by transforming what was once a product (postage meters) into a service (Internet Postage), Stamps.com has fundamentally altered cost structures in this industry, making postage convenience more affordable to a broader share of the business and consumer population than traditional postage meters. The enterprise comprises one of the most complex, highly secure electronic commerce systems ever developed and has been two and a half years in the making. Our system involves sophisticated cryptography, advanced data center operations, and secure financial transactions. The advantages of this advanced system are enabled by the security of the Information Based Indicium, by the security of a strong digital signature as a means of authentication of postage value. However, while digital signature technology affords Stamps.com and companies like ours the opportunity to take advantage of the efficiencies and immediacy of ecommerce, it also imparts upon us a responsibility towards our customers and partners, a responsibility to secure each and every transaction against mistake or misuse. H.R. 1714 provides a welcome legislative foundation for furthering ecommerce by explicitly legitimizing electronic signatures as proof of contract acceptance. In its current form, however, H.R. 1714 leaves open a prospect for abuse. While H.R. 1714 aims to achieve vendor- neutrality, in the world of ecommerce not all algorithms are created equal. In Stamps.com's business, electronic signature technology ensures that each indicium is unique and cannot be created fraudulently. Moreover, it ensures that each indicium cannot be hacked or spoofed or electronically replayed--all favorite tools of electronic criminals. For purposes of this discussion, each indicium is a micro-contract, authenticated by the electronic signature, between Stamps.com, the Post Office, and the customer. That is, if the customer uses Stamps.com to pay for and print US Postage, the Post Office will deliver the mail. The Stamps.com application was developed using published and government-approved encryption standards. Sound encryption requires years of open testing to expose and remedy flaws. For that reason, the government has issued standards for a variety of encryption and digital signature algorithms, the Federal Information Processing Standards. These standards provide a base-level of protection that the private sector often uses or exceeds. H.R. 1714 provides for no base-level of protection and potentially leaves open the exploitation of contracting parties with little or no experience with relatively complex technical issues. If companies are allowed to choose any ``reasonable'' method, they may choose one that is weak enough to be attacked and exploited to falsify contract acceptance. Furthermore, any algorithm, no matter how tried-and-true, is susceptible to failure if implemented incorrectly. Thus, it is my company's belief that H.R. 1714 should contain some reference to the fact that not all electronic signature methods are ``reasonable'' and that parties should be encouraged to investigate and choose electronic signature methods that meet their specific needs for security and ease of use. Thank you for the opportunity to speak before this Committee. Mr. Shimkus. Thank you. Our next panelist is Mr. John Siedlarz. Before I do that, I want ask unanimous consent that we give all witnesses 30 days to include any--obviously, I am not going to object. You will get questions, probably, that members may ask you to respond to in writing. Without objection, I request unanimous consent for 30 days for that response to be received for the official record. And, now, the next panelist, Mr. John Siedlarz, President and CEO of IriScan, Incorporated. Welcome. You have 5 minutes. STATEMENT OF JOHN E. SIEDLARZ Mr. Siedlarz. Thank you, Mr. Chairman. Good morning, Mr. Chairman and members of the committee. Mr. Shimkus. Pull that mike closer to you. Thank you. Mr. Siedlarz. In addition to being president of IriScan, I am also the vice chairman of the International Biometric Industry Association. The Association very much appreciates the opportunity to speak to you today and comment on H.R. 1714. As one example of the technologies that are covered by the Association, IriScan--my company--develops a leading biometric product that identifies and authenticates individuals through the unique iris pattern of the eye, the visible colored ring surrounding the pupil. I wanted to pass this on to Chairman Tauzin on his comment about dogs. Not only can we make a sharp distinction between humans--an absolutely positive one; but we can tell the difference between a dog and human. We will shortly be able to be in the position of being able to tell the difference between the dogs that are on the Internet. I would appreciate it if you would convey that to him. The IBIA is a trade association that represents many technologies, and the interests of the biometric industry as a whole. It includes groups of proven technologies that identify or verify individuals based on physiological characteristics. In other words, what you are; not what you hold or what you do--a very important distinction that I would like to focus on later in comparing how you use biometrics with an encryption for a more secure transaction. Biometric identification and verification are accomplished by using computer technology in non-invasive ways to match patters of live individuals in real time against enrolled records. Examples include products that recognize faces, hands, fingers, signatures, irises, voices, and fingerprints. Biometrics are most commonly used to safeguard international borders; protect computer network security; control access to sensitive work sites; authenticate financial transactions; verify time and attendance; prevent benefits fraud, and provide secure transactions on the Internet. Biometrics, in sum, are excellent means to secure privacy and prevent identity theft. IBIA supports H.R. 1714 and the efforts of Chairman Bliley and the committee to move this legislation forward. We specifically endorse the attempt to make sure that the technology is essentially neutrally identified, as far as the legislation concerned. Our only argument with the bill--and it is a very small one--is in the language in section 104, which defines an electronic signature as, ``A signature in an electronic form.'' We think that it is appropriate to have that language broadened slightly, maintaining the focus on neutral technology approaches in the legislation; and be consistent with what the Senate dealt with in S. 2107, the Government Paperwork Elimination Act, last year. Based on testimony from expert witnesses, the Senate chose to strike language that would favor a digital signature; and instead substituted the technology-neutral phrase, ``electronic authentication.'' The specific reason for this action was to avoid a constricted definition that would have the combined effects of unnecessarily restricting the market for biometric products; creating a competitive advantage for a small group of solutions; and freezing options for substituting newer technologies as they are perfected. Once again, we wanted to emphasize that in our view, the growing recognition among the community is that the combination of encrypted data and biometrics at either end of the transaction, in effect, provide the only means of a secure solution for transactions on the Net. Biometrics cannot do that by themselves. Encrypted data cannot do it by itself. It is the combination of those two technologies which, I think, is being recognized. I think this bill ultimately supports that in its technology-neutral language. The IBIA strongly encourages the committee to take a similar approach to the action in the Senate. This can be accomplished by rewording the first part of the definition contained in section 104 to read as follows, ``Electronic signature. The term ``electronic signature'' means a biometric or other sequence of data in electronic form.'' This change would ensure that the bill does not rule out the use of sound biometric authentication solutions that have been specifically designed to accomplish the purpose of the bill. The IBIA thanks both subcommittees for this opportunity to express its views in supporting H.R. 1714. I would welcome your questions about biometric technologies and their relevance to this important bill. Thank you, Mr. Chairman. [The prepared statement of John E. Siedlarz follows:] Prepared Statement of John E. Siedlarz, President and Chief Executive Officer, IriScan, Inc., on Behalf of the International Biometric Industry Association My name is John Siedlarz. I am President and Chief Executive Officer of IriScan, headquartered in Marlton, New Jersey. I am also Vice Chairman and a member of the Board of Directors of the International Biometric Industry Association (IBIA). IBIA very much appreciates the opportunity to testify before you today. IriScan develops a leading biometric product that identifies and authenticates individuals through the unique iris pattern of the eye-- the visible colored ring surrounding the pupil. IBIA is a trade association that represents the interests of the biometric industry as a whole. Biometrics include a group of proven technologies that identify or verify individuals based on physiological characteristics. Biometric identification and verification are accomplished by using computer technology in noninvasive ways to match patterns of live individuals in real time against enrolled records. Examples include products that recognize faces, hands, fingers, signatures, irises or irides, voices, and fingerprints. Biometrics are most commonly used to safeguard international borders, protect computer network security, control access to sensitive work sites, authenticate financial transactions, verify time and attendance, and prevent benefits fraud. Biometrics, in sum, are excellent means to secure privacy and prevent identity theft. IBIA supports the intent of Chairman Bliley and his co-sponsors to recognize the economic potential of e-commerce, and to update our laws to specify how electronic documents can be properly authenticated in the digital age. We believe that Chairman Bliley's bill, H.R. 1714, ``The Electronic Signatures in Global and National Commerce Act,'' would both encourage and protect the use of electronic records in national and international commerce. This is an essential step toward automating cumbersome processes that can otherwise hinder trade and stifle economic growth. If the bill became law, complex and highly confidential transactions in banking, real estate, securities, and retail sales, in particular, will be quicker, far more secure, and much more efficient. The biometric industry has one concern about the bill--the wording of Section 104, which defines an ``electronic signature'' as ``a signature in electronic form.'' This definition could be construed to mean that only a limited range of signature-based technologies are acceptable. Last year, the Senate dealt with this same issue while deliberating the provisions of S. 2107, ``The Government Paperwork Elimination Act.'' Based on testimony from expert witnesses, the Senate chose to strike language that would favor a ``digital signature,'' and instead substituted the technology-neutral phrase, ``electronic authentication.'' The specific reason for this action was to avoid a constricted definition that would have the combined effects of unnecessarily restricting the market for biometric products, creating a competitive advantage for a small group of solutions, and freezing options for substituting newer technologies as they are perfected. The IBIA strongly encourages you to take a similar approach. This can be accomplished by rewording the first part of the definition contained in Section 104 (2) to read as follows: ``ELECTRONIC SIGNATURE--The term `electronic signature' means a biometric or other sequence of data in electronic form, attached to or logically associated with an electronic record, that . . .'' This change would ensure that the bill does not rule out the use of sound biometric authentication solutions that have been specifically designed to accomplish the purpose of this bill. The International Biometric Industry Association thanks both subcommittees for this opportunity to express its views about H.R. 1714. I would welcome your questions about biometric technologies and their relevance to this important bill. Mr. Tauzin. Thank you very much, Mr. Siedlarz. I understand you made the case for identifying dogs? Mr. Siedlarz. I have, indeed. Mr. Tauzin. My wife would contest that, by the way. She thinks our dogs are humans, so that would be a problem. We are pleased now to welcome Mr. Christopher Curtis, Associate General Counsel of Capital One, here in Falls Church, Virginia. Welcome, Mr. Curtis. STATEMENT OF CHRISTOPHER T. CURTIS Mr. Curtis. Good morning. I am Christopher Curtis, Associate General Counsel of Capital One Financial Corporation. I appreciate the opportunity to testify today in support of H.R. 1714. Capital One is one of the world's largest issuer of credit cards, and a direct marketer of consumer and small business lending products. We are also a pioneer in the direct marketing of wireless telephone service through our subsidiary, America One Communications. On behalf of Capital One, I would like to thank the subcommittee for considering this legislation. I hope you will report favorably on it. The world of online commerce is exploding all around us, offering more efficient commerce, and hence, greater wealth for all Americans. However, further development of electronic commerce may be impeded by the issue of online authentication: the means by which one party, such as a merchant or financial institution knows who it is dealing with; as well as the issue of online signature: a means by which a party legally binds itself to a transaction. Without resolution of those issues, we fear that parties will be reluctant to enter into larger transactions with numerous and remote counter-parties. I will refrain from any technical discussion of the electronic signature technologies currently available. Instead, I want to endorse what I see as the two basic principles of this legislation. First, the bill establishes a national principle of recognition of electronic signatures. Second, the bill rejects any prescribed technical standard and instead allows the marketplace to decide what technologies are best. By establishing a uniform rule of recognition, the bill provides what we see as the keystone in a sound legal architecture for electronic commerce. In the current chaotic legal environment, the validity of electronic transactions is governed by the law of each State. A number of States have moved to recognize electronic documents and signatures, but not in a consistent manner. Electronic signatures that are valid in one State may not be valid in another State. Moreover, some States still don't recognize electronic signatures at all. While there is the uniform State process which is underway, as has been discussed this morning, we know that may take a long time, and may not in the end, in fact, result in a uniform product. Sometimes the uniform process does not. As a result of the current situation, individuals and companies doing business on the Internet face considerable uncertainty as to the enforceability of their transactions. There is a significant concern that a party to an agreement can simply deny making the agreement. The ability to do so opens the door to fraud in electronic commerce and hinders growth in this medium. We will never achieve the full potential of electronic commerce until agreements entered into on the Internet are valid and enforceable. We also support the bill's principle of free development of electronic signature technology. This will allow the market, not the government, to determine the desirability of a specific technology. We at Capital One would not presume to tell you what electronic signature technology is best. Even if we could, what is best today may not be best 5 years now, 10 years from now, or even 1 year from now. The proposed legislation takes the right approach by insisting that those issues be left to human ingenuity as tempered in the marketplace. In conclusion, Capital One strongly supports the enactment of H.R. 1714. We believe it provides the best legal basis for unleashing the Internet's potential to transform commerce. We are grateful for the leadership of Chairman Bliley in introducing this legislation; and to the subcommittee for considering it. Thank you for the opportunity to testify before you today. [The prepared statement of Christopher T. Curtis follows:] Prepared Statement of Christopher T. Curtis, Capital One Financial Corporation Mr. Chairman and Members of this Subcommittee, my name is Christopher Curtis. I am Associate General Counsel of Capital One Financial Corporation, headquartered in Falls Church, Virginia. I appreciate the opportunity to testify today on H.R. 1714, the Electronic Signatures in Global and National Commerce Act. The subject of electronic signatures is an important one to Capital One, to the national economy, and, we think, to the world. First, a word about Capital One. Through our subsidiary credit card bank and thrift, we are one of the world's largest issuers of credit cards and a direct marketer of consumer and small business lending products. We are also a pioneer in the direct marketing of wireless telephone service through our subsidiary, America One Communications, Inc. As of March 31, 1999, Capital One had $17.4 billion in managed loans outstanding and over 18 million customers in the United States, Canada and the United Kingdom. We have over 12,000 employees based in Virginia, Texas, Florida, Washington State, Massachusetts, and the United Kingdom. In each of the last four years, Capital One surpassed its goals of achieving annual earnings growth and annual return on equity of at least 20% and is on track to surpass that goal this year as well. In 1998 alone, we added nearly 5 million net new customers and are currently adding new customers at the rate of 15,000 net new accounts a day. To support that account growth, our Company hired 4,500 new employees during 1998 and expects to hire at least 3,500 additional employees in 1999 across all of our sites. On behalf of Capital One, I want to thank the Subcommittee for considering the legislation that is before you today, and I hope that you report favorably upon it. The world of on-line commerce is exploding all around us. Its capacity for enabling more efficient commerce and hence greater wealth for all Americans, as well as residents of other nations, is so large that it cannot be quantified and can scarcely even be envisioned. Significant burdens to further development of electronic commerce, however, are the issues of on-line authentication--the means by which one party, such as a merchant or a financial institution, knows who it is dealing with--and on-line signature, a shorthand expression for a party's legally and formally binding itself to a transaction. Without resolution of those issues, parties will be reluctant to enter into larger transactions with more numerous and remote counterparties. Their reluctance will be grounded in practical concerns about fraud, and also about the risk that a counterparty could disavow a transaction under a state's statute of fraud or related legislation or doctrines. I will refrain from any technical discussion of the electronic signature technologies currently available--indeed, one of the virtues of the proposed legislation, as I will describe in a moment, is that it rejects any prescribed technical standard or approach to the problems of on-line authentication and signature--but instead discuss what I see as the two basic principles of the legislation, both of which Capital One strongly supports. They are, first, the establishment of a national principle of recognition of electronic signatures; and second, the adoption of what we at Capital One call an ``open platform'' approach to technology, allowing the marketplace to decide what technologies are best. I will discuss those two principles in order. National Recognition The proposed legislation takes the essential step of establishing a uniform rule of recognition, which we see as the keystone in a sound legal infrastructure for electronic commerce. The current legal environment, in which the validity of electronic transactions is governed by state law, can fairly be described as chaotic. While a number of states have moved to recognize electronic documents and signatures, states have not done so in a consistent manner. Valid electronic signatures in one state may not be valid in another state. Moreover, some states still do not recognize electronic signatures at all. As a result, individuals and companies doing business on the Internet face considerable uncertainty as to the enforceability of electronic transactions. In fact, the single biggest problem that parties face in conducting business on the Internet is that of repudiation. Under the current environment, there is a significant concern that a party to an agreement can simply deny making the agreement. The potential ability to repudiate an electronic agreement opens the door to fraud in electronic commerce and hinders growth in this medium. Ultimately, we will be unable to achieve the full potential of electronic commerce until agreements entered into on the Internet are valid and enforceable. While those issues are also present in that older medium of paperless remote commerce--the telephone--Internet commerce, because of its greater speed, power, and flexibility, offers immensely greater opportunities for abuse and fraud. This problem cannot be adequately addressed at the state level because of the inconsistencies in state law. Currently, state law determines whether or not there was an enforceable contract and whether that contract was valid. This creates significant uncertainty for Internet transactions. For example, imagine a scenario in which Capital One, a Virginia company, maintains a web site on a server in our facilities in Texas and enters into an electronic contract with an individual residing in California. In determining whether the contract is valid, it is not clear which state's law applies. Thus, in order to ensure that an individual or a company is entering into an enforceable transaction, a company or a consumer doing business across the country may need to comply with the different, and possibly conflicting, laws of a number of different states depending on where the other parties to the transaction are legally located. As a practical matter, this uncertainty and duplication will increase the cost of doing business electronically as individuals and businesses seek to comply with the laws of all fifty states and other relevant jurisdictions or simply forego electronic commerce at levels that they would otherwise find desirable. Open Platform We also support the bill's open-platform approach to electronic signature technology. By permitting a number of different technologies that meet minimum standards to qualify as electronic signatures, the bill will foster technological innovation. A number of different signature technologies, including promising new technologies, may easily be incorporated into the legal framework established by this bill. This will allow the market, and not government, to determine the viability and desirability of a specific technology. An open environment will also keep the cost of electronic signature technology in check by allowing a number of competing technologies to emerge in the market without bestowing a monopoly on a single company or technology. We at Capital One would not presume to tell you what electronic signature technology is best; and even if we could, what is best today may not be best five years from now or ten years from now-- or even one year from now. The proposed legislation takes the right approach by insisting that those issues be left to human ingenuity, as tempered in the marketplace. Conclusion In conclusion, Mr. Chairman and members of the Subcommittee, we at Capital One strongly support the enactment of H.R. 1714. We believe that it provides the best legal basis for fostering electronic commerce and unleashing the Internet's potential to transform our economy and the world's. We are grateful for the leadership of Chairman Bliley, the original motive force behind this legislation, and we commend the Subcommittee for its consideration of it. Thank you for the opportunity to testify. Mr. Tauzin. Thank you very much, sir. The Chair now recognizes himself for 5 minutes, and members, in order. First of all, Mr. Pincus, you are aware, of course, of the July 1997 German Digital Signature Law that seems to be very restrictive in terms of using only digital signature technology, and the government's August 1998 position paper on international recognition of digital signatures reinforcing their own law. Can you tell me how the U.S. is responding to this very alarming direction that the government of Germany is already taking in this area? Mr. Pincus. Certainly, Mr. Chairman. Let me mention one set of international developments that is relevant. Just as we are having this discussion here, the question of promoting uniformity has been very much an issue in Europe within the European Union. In fact, the European Commission has proposed an electronic signature directive that is now working its way through their process, and is expected to be finalized sometime toward the end of this year. It is much closer to--although not completely congruent with--the principles I discussed earlier and will require significant changes in the German law. We have made it clear to the Germans that we think their approach is not technology-neutral. It is technology-specific, which would create real problems in global commerce. The European Union approach is much closer to ours and more technologically neutral. It is different from the approach we advocate in that it provides for some government identification of preferred technologies, and giving them a legal presumption, which we think is not the way to go. But it is a lot closer to where we are and would require significant changes in the German law. Mr. Tauzin. Andy, you have mentioned that you are not sure yet; you don't know whether or not electronic commerce is impeded yet by the lack of a national standard that is technologically neutral, but nevertheless moves all the States in the same direction. How do you know what activity is not going on? How do you identify what is not happening in e- commerce? We can identify what is happening. But how much is not happening? Maybe you can jump in and help me with this, some of you other witnesses. It seems to me that is a hard thing to quantify. It seems to me that if we are smart enough to pass a national standard that is amenable to all the States, a lot of things could happen that aren't happening today. Am I wrong in that? Mr. Pincus. I think you are right. It is hard to know. I think in talking to the private sector, which obviously has its finger much closer to the pulse than we in government do, most of the concerns that we hear expressed are in terms of what happens if we don't get to a uniform standard soon. We don't hear a lot of examples of people saying, ``We are thwarted from doing something right now.'' Mr. Tauzin. Well, let's find out. Ford Motor Company indicates, Mr. Skogen, that you are doing a lot of online customer activities. But the customers still have to go to a dealership, right, and sign a contract at the end of it all; is that correct? Mr. Skogen. That is correct. Mr. Tauzin. Would it be helpful if, in fact, we had a national standard so that you could do all of that business online, including the contract? Could we end up 1 day where customers could design their cars; order them from you online; and the factory would build it and ship it? Mr. Skogen. Well, I guess anything is possible. But we do, in fact, receive requests from customers and e- mails on trying to make the process a little smoother for them; allow them to do as much of it from home as possible. In fact, even some dealers today are delivering vehicles to the customers' homes that have ordered it over the Internet. Mr. Tauzin. Yes. So I mean that a lot more is possible if we are wise enough to have a nice set of standards. Let me ask you in terms of the current bill, Mr. Siedlarz, you have made the case for technological neutrality here. Is our bill sufficiently technologically neutral? Mr. Siedlarz. I think it is. I think, Mr. Chairman, it is very close. With our little sensitivity on the issue of biometrics; the way we link biometrics to encryption; and the growing understanding of those who have to work together, I think that is true. One added comment to your previous question, if I may: It has to do with the issue of how we judge what is happening on the Internet today. I don't think we know the true story. Because we measure everything in terms of financial losses, for example, and the misuse of a credit card, or having that information stolen; we don't know, in fact, whether or not privacy is being invaded at a significant level, and yet not realized today by the consumer. We simply don't know the levels of penetration. Mr. Tauzin. You don't know how many consumers refuse to use e-commerce until they know all this has been worked out. Mr. Siedlarz. That is correct. I suspect that it is a large number. Mr. Tauzin. Mr. Curtis, let me get you to help us, too. How deep is the concern about disavowal of transactions, right now, repudiation, and the losses that might be incurred by companies without a digital standard? Mr. Curtis. Our concern about that is fairly high. We are moving forward with a number of initiatives that will have us more active online. But concern about disavowal, and consequently, fraud, actually are a high-level concern with us. They are holding up some of those initiatives that I really don't want to talk about in detail. They are company- confidential. We probably would be moving faster and providing more online, Internet service sooner, if there were greater certainty of transactions over the Internet and a more secure legal basis for them. Mr. Tauzin. So you have that same sense that we seem to have. Consumers, in many cases, are going to be much more willing to engage in e-commerce once we have some kind of national standard established. Mr. Curtis. Yes, I think that is true. Definitely. Mr. Tauzin. Secretary Upson, before I leave you and go to the members, would you give us a little clearer understanding of the Virginia concept of the best practices center? What is it? How does it work? What does it do? Mr. Upson. Yes, Mr. Chairman, I would be pleased to. In fact, I am sorry that I neglected that in my remarks. One of the things that we are trying to do is encourage the State agencies to--and Governor Gilmore is about sign an Executive Order that will require State agencies to--think about the electronic signature environment and putting up systems that facilitate it in their contractual arrangements. What we are establishing is a statewide, best practices website, where agencies--smaller agencies in particular--can go and get information on how the process works; what other agencies are doing; and what other States are doing. This is so we might have the ability to take advantage, without having to reinvent the wheel, and really build a best practices center across government that we can use for a number of information technologies and electronic commerce initiatives. Digital signatures is just one of them. In fact, one of the recommendations that you might consider is a best practice site at the Commerce Department, or an appropriate place, for States to be able to at one stop understand where they can go and see what the best practices are, and find out what other States are going. Mr. Tauzin. Interesting. Thank you very much, sir. Finally, Mr. Engelberg, we have a number of members now. I wanted to wait until we had a sufficient number, because I thought this would be interesting for everyone. Here is your digital signature on Stamps.Com, right? Explain to us how it works. How is it secure? How is it authenticated? Mr. Engelberg. Sure. Each barcode is unique. Each one contains a digital signature that is generated for that particular piece of mail. The barcode contains additional information like the delivery routing; zip code; where it came from; a date/time stamp, and the amount of the postage. A digital signature is generated by a private, cryptographic key, which is unique to a particular user. Before we create that key set, it is sent to the Postal Service's Certificate Authority, where a digital certificate is generated. That certificate's serial number is embedded in the barcode. In the event that the Postal Service wants to authenticate the postage, they can scan the barcode; get the certificate's serial number; and from the Certificate Authority get the public key to read the digital signature. If the two match, then you know it was generated by a valid key. So, that is the full process. Mr. Tauzin. So, it is an encrypted system with a private key, with the availability of the Postal Service to use a public key to authenticate it, if necessary? Mr. Engelberg. Correct. Mr. Tauzin. Thank you very much. The Chair will now yield to the gentlelady from California, Ms. Eshoo. Ms. Eshoo. Thank you, Mr. Chairman. My thanks to each one of the panelists for your excellent testimony to us. I would like to start out with Mr. Pincus. Thank you, again, for your testimony and your good work at the Commerce Department on the international front of this very important issue. My question to you concerns the section on preemption. I am sure you would have guessed that is what I would be asking you about: section 102 of the bill. As you point out in your testimony, this section would empower the Secretary of Commerce to file an action to enjoin the enforcement of State statutes prohibited by this act. I have two questions. First, did the Secretary of Commerce seek this authority? Second, what effect do you believe such a statute would have on State laws addressing electronic authentication? Then, as a follow-up, I would like Mr. Greenwood and Secretary Upson to also comment on the questions and Mr. Pincus' response. I am asking you to divvy up the time now. Those are my questions. Mr. Pincus? Mr. Pincus. Thank you, Congresswoman Eshoo. We certainly did not seek this authority. As I mentioned in response to the chairman, we are not aware that the case has been made yet that there is a need for preemption, although it is risky. When the chairman is making a case, you sort of always now that you are going to get on the bad side. Ms. Eshoo. But that is what hearings are for, so that we can flush out the different parts of the bill; develop consensus, and have the strongest one that is going to work well for the country. Mr. Pincus. No, I understand that. So we didn't see a case for preemption at this time. I think to the extent there is such a case, as I said in my oral statement, it seems to us that it is a case to create a gap-filler rule until the States enact the Uniform Electronic Transactions Act. I think that everyone agrees, as I said, that if we could wave a wand and be sure that every State would do that in a short period of time, then there would be no problem, because the UETA would be a very strong, uniform basis of national law. That, it seems to us, is what we should be doing. Some of the concerns that are expressed in my written testimony are that this bill really goes beyond that goal and could create some continuing questions about the preemptive effect of this measure vis-a-vis any uniform State law that is enacted. That could cause a lot of confusion about what the governing rules are. Ms. Eshoo. Thank you. Mr. Greenwood. I tend to agree with Mr. Pincus. I guess I would just emphasize one part of it. We really are, I think, at the cusp of uniform State law in this area. National Conference of Commissions on Uniform State Law has been almost at the end of a multi-year process of developing the Uniform Electronic Transactions Act. I feel like I have been privileged to be at almost all of their drafting meetings. It is quite an incredible process to see them go through so many interrelated areas of State law and common law; and get down to the fundamental interests that industry has in creating a better legal framework; and make sure they are meeting those interests, while also balancing other interests, as well. Ms. Eshoo. Do you think that the States, in developing the model legislation, would have that completed within the 2-year deadline that I think the bill establishes? Mr. Greenwood. That is going to be one of the areas that we will be proffering comments on within our 30 days. The 2-year time limit, in our view, is somewhat problematic. The preemption balance is going to be the most delicate one in a measure like this. A key criteria is that it allows jurisdiction to revert back to the States, as part of our comprehensive Uniform Commercial Code, commercial law, and Uniform Electronic Transactions Act process. We have some States that are not even going to be in session. They have legislative sessions every other year. Texas, and some others, for example. The other issue in this is that we are talking about an area of law which is going to be evolving over many, many years. The markets will evolve. The technologies will evolve. Things will come up. So long as you have States around; so long as we have these legislatures; and we have other interrelated areas of law, we are going to need the flexibility to maintain the jurisdiction--and in a sense, the sovereignty--to continue to discharge our duties to make sure those laws are appropriate and responding to those changing conditions in 2 years, in 20 years, and hopefully, in 200 years. Ms. Eshoo. Secretary Upson? Mr. Upson. It is an interesting question. I would just comment that I think that what I understand the statute does-- or is attempted here--is that uniform standard of recognition across the country in recognizing an electronic signature is in the interest of the citizens of every State. Of course, it is a little moot for Virginia. We are in place, or will be within the 2 years. Part of me thinks--to speak as a consumer--I hope that the States would have that in place within 2 years for the ease and the ability to do the kinds of transactions that are multi- State, in terms of insurance; buying a car; registering with a financial institution, or anything. I am not sure that in the Internet speed that our society is moving at that will be an issue in 2 years. Maybe I am an optimist. I hope that the national standard that this law establishes itself is in place. I would feel differently if there were a prescription for how we do it, as opposed to that there is a recognition that an electronic signature is binding. I think that is the significant part. Ms. Eshoo. I don't think the committee has ever, in any of its legislation, prescribed to a certain technology. I don't think that is for the Congress to do. Mr. Upson. No. I understand that. Ms. Eshoo. So we agree with you there. The area that I am pursuing, as you clearly understand, is how we marry the ``test kitchens,'' as it were, of the States; not dampen their creativity; develop something that is timely across the Nation; but not trample on one another. That is the area that I am asking you about. I am not so sure what your answer is. Mr. Upson. I guess I don't see the trampling in the legislation. I don't. Ms. Eshoo. So you think that the States are being respected? If they don't come up with something in 2 years, the bill would impose---- Mr. Upson. I would hope that the States, in 2 years, would have it in place. I just think that in 2 years we will be so far along with electronic commerce, I think it is important that---- Ms. Eshoo. This is electronic signatures that we are talking about, though. Mr. Upson. Well, electronic signatures I consider to be integral. Ms. Eshoo. You are doing your best to give me answer, and be very respectful of Chairman Bliley. I appreciate that. Mr. Pincus. Congresswoman, can I underline one thing that Mr. Greenwood said, because I think it is important. One of the problems of the 2-year period is if 10 years from now--and this frequently happens with uniform laws--there is an update that is done because of changes in technology, or things we cannot even anticipate. I think the way that this is currently drafted, it would prevent the States from coming back with another uniform law that updated the first one. I think that is what he was getting at. It has this continuing preemptive effect. Ms. Eshoo. I appreciate the comments that you have made, each one of you. I think, Mr. Chairman, it is a section of the bill that needs some dusting up. I yield back. Mr. Tauzin. I thank the gentlelady. The Chair now recognizes the gentleman, Mr. Shimkus, for a round of questions. Mr. Shimkus. Thank you, Mr. Chairman. I want to first direct my question to Mr. Engelberg. Based upon your response, you saw us all chuckling. Encryption is part of this issue, but we also have another big issue before us on encryption. I guess the question I want to ask, first, is in our issue addressing the ease of export controls for encryption products. What is role of that, in perspective? I will just ask for your comments. Mr. Engelberg. Well, as a company, Stamps.Com does not have a formal position on export controls of encryption. We are working with international postal authorities to try to achieve a international standard, along with the U.S. Postal Service, for the digital signature and two-dimensional barcode, so that this form of postage can be recognized worldwide. Right now, it is restricted for domestic use. Mr. Shimkus. Why is it restricted for domestic use? Mr. Engelberg. There are a bunch of reasons, mostly Postal Service decisions. International postal authorities do not yet have the ability to recognize that type of postage. Mr. Shimkus. Does it depend, in any amount, on our encryption policy? Mr. Engelberg. I don't believe so. I would want to investigate that further and provide a written response. Mr. Shimkus. Also, you talked about public access and private access of keys. Is the perception on your end as far as mail fraud and the ability to have access to keys, both public and private, a concern? Is it not a concern? Mr. Engelberg. In our system, the keys that are used to generate the postage are not actually in the hands of the user. They are always maintained on our server. When a user logs in and is authenticated through a proprietary authentication process, the keys that are used to generate postage for their unique account--their meter--are pulled from a data base and used, within the boundary of a highly secure, cryptographic device. One of the concerns that I highlighted in my written statement was that a private key in the hands of somebody who does not know how to use it can be dangerous in that someone could get hold of your private key and begin signing things. It is non-reputable. That is one of the reasons we hold onto the keys that are used to sign. Mr. Shimkus. What if there is an issue on mail fraud and the government? I guess the Department of Treasury would want to address that. How would they get access to a key to follow information--or, would they? Mr. Engelberg. Well, one of the motivations for the system, actually, was to combat mail fraud. Traditional postage meters are susceptible to fraud. You can crack into them and literally roll back the meters. So this was a way of stepping up the security of evidence of postage. With regard to which government agency would conduct an audit, right now that exists within the Postal Service. The way they would do it would be by scanning any individual mail piece and checking the validity of the digital signature using a Postal Service Certificate Authority, which the Postal Service runs. Mr. Shimkus. Okay. I think I still have some time, so I will go with Mr. Skogen, from Ford Motor Company. Would you please outline a few components of the transaction costs your company may incur if it is faced with 49 different State electronic signature laws? I don't know why it is 49. Probably 50 different signature laws are possible. Mr. Skogen. Maybe I can respond to that from a little bit different side, and look at some of the things that we are looking at and doing today on the Internet that could be affected by it. For instance, I see several opportunities for several applications for the Internet that we have already launched. For instance, company-to-dealer communications through a dealer Internet website, which enables us to communicate faster, on a more timely basis, from one central location. Some of the things that we would like to do on that website are going to require some type of electronic signature. Ford Credit offers customer account access online, which provides 24 hours, 7 days a week secure account access for customers. Today we have roughly 170,000 Ford Credit customers that are using it on a monthly basis. Our purchasing organization is analyzing warranty repairs, via the Internet, along with our suppliers. They are pursuing a paperless purchasing process, which includes non-production purchases of several billion dollars a year. On the Ford supplier side, Ford has a Ford Supplier Network they can access through the web, which offers information and communications facilitating the engineering process, along with online training. Everything that I have mentioned provides additional efficiency and convenience; but it would be more efficient and secure with electronic signatures. Mr. Shimkus. And much more difficult if you had to comply with 49 or 50 different encryption possibilities. Mr. Skogen. Yes, that is true, I guess. Whatever advances-- is e-commerce the quickest? Whether we get it from the States, or whether we get it from the Federal Government, it has to be uniform and it has to be soon. Mr. Shimkus. Mr. Chairman, I yield back. Thank you. Mr. Tauzin. I thank the gentleman. The Chair now recognizes the gentleman from Tennessee, Mr. Gordon. Mr. Gordon. Thank you, Mr. Chairman. Let me thank you, once again, for your tolerance in allowing a little flexibility here today. As I had mentioned earlier, last year the House passed the Government Paperwork Reduction Act. I have introduced legislation to try to bring that to a head. That act required that, by the year 2002, the various Federal agencies would be able to communicate with electronic signatures with their constituents; but it has really set up no guidance. You could wind up getting into a situation where, because of interoperability within an agency, or between agencies, you could have even a more difficult time trying to communicate than before. So what our digital signature legislation does is sets up, or dictates, or directs NIST, which is the National Institute of Standards in Technology, to establish some minimum, technologically neutral standards so that the different agencies will be able to by off-the-shelf products and have interoperability. That was the objective. I have vetted it extensively with the private sector, all on a positive basis, if anything they say goes beyond this in having authentication beyond just electronic signatures. I have tried to make this available to all of you. I don't know whether it has worked its way up through the food chain or not. I am going to break the cardinal rule of a lawyer and ask a questions that I don't know the answer to. I will start with Mr. Pincus. The ones of you that have had an opportunity to review this, any kind of feedback that you might give, give please. Mr. Pincus. Certainly, Congressman Gordon. Let me say, first of all--maybe a little parochially--we are very proud of NIST at the Commerce the Department, and its expertise in the computer area, among many other areas. We think it does have a role to play. I think our question involves how this legislation would interact with last year's, because we think last year's legislation is working. Agencies are moving forward with the process of moving online, and adopting authentication methods that work for whatever their particular interaction with customers or constituents is. I think we would be interested in working with you to provide a way so that agencies, as Mr. Upson said, have access to the resources so they know what is out there in the marketplace. Where we get concerned is the idea that there can be a single solution or set of solutions for standards problems in the government. Just like in the private sector, there are different kinds of authentication and different levels of security that may be appropriate for different kinds of government/non-government interactions. So we are leery of an approach under which there can only be one digital signature that you can use for all your interactions with the government, because that is not how the agencies are going. As I said, their missions and their various interactions may require different levels of security. Obviously, it is very high for Treasury in its dealings with financial institutions; and it may be much lower if it involves just filing an informational form that does not carry the same consequences if things are mishandled. My overall reaction is that we would, obviously, be very happy to work with you in moving this forward. Mr. Gordon. Well, our objective is not to look for one standard. Our objective is to, again, allow a minimum standard. I know that at home we have 95 counties in Tennessee. We, some time back, tried to get them all to take their election commissions and get them computerized. Well, each election commission got the cheapest thing they could find. There was no interaction between them. We are having to start all over. So, there are number of, I am sure, good products there. What we want is for agencies to know which ones can be interoperable and where you go out on-the-shelf and purchase them. Anyone else? Mr. Pincus. I should say that on the off-the-shelf point we are very focused on the idea that we shouldn't be looking to create special products or technologies for government. What government agencies should be doing is looking at what is out there in the marketplace and picking something that works for them. Mr. Gordon. Trying to keep within our time. Anyone else? Mr. Upson. Just a quick observation. I am not real familiar with the legislation. As you describe it, there is also, under the Information Technology Management Reform Act that Congress created and the President signed, a chief information officer apparatus, where you have the agencies with the knowledgeable people. I forgot what the mechanism is in that bill, but they meet regularly as you know. Mr. Gordon. I think it is the OMB. Mr. Upson. Yes. And each agency has a representative. That might be very useful. Mr. Gordon. We are trying to work with them to, again, find that continuity. Anyone else? Mr. Siedlarz. Congressman, one other quick response. I wanted to make you aware of the fact that there is a significant movement within the industry to find application program interface standards that all companies and all technologies can meet, up to a certain line, for a kind of handshake that would make them interoperable. One of the most significant ones is an ad hoc organization called BIOAPI. Most of the major computer manufacturers, as well as significant participants in the biometric industry are involved in the development of those standards. Before the government steps in and attempts to adopt a standard, even a common denominator one--which I think is admirable--I think the product of those industry groups would be useful, first. Mr. Gordon. If you could provide me with the name of that organization and how to contact them, it would be helpful. Thank you. Mr. Siedlarz. I would be happy to do that. Mr. Greenwood. If I may take a stab? I had an opportunity to review the legislation. One of the sections of it that I thought held a lot promise to be assistive was the panel. I think it was the last section. A number of States have been struggling with the same questions. How do we organize? How do we standardize? How do we ensure interoperability among our usages of electronic authentication; and in particular, the usage of certificate authorities, certificates, and digital signatures? I would be happy to make available to the committee in part in response to your question a draft guidelines document which we came up with collaboratively with some Federal agencies, and mostly with some private-sector entities through the National Automated Clearinghouse Association. It is something called ``The Certificate Authority Rating and Trust Guidelines.'' We opted in the end of the day for no central standards from any given organization, or even a consortium of organizations. But rather at this stage, since we are still in an early phase of development of the technology and the business model supporting the this technology; we opted to give some guidelines for bottom-up standards through watching best practices emerge: contracts, operating rules, and things of that nature. The only other observation I make on the bill, which maybe deserves some more review, is that it does seem to have an underlying assumption that the usage of certificates will be part of a trusted third-party certificate authority model. Our review of this document in the natural organization seemed to indicate that the business models are developing more in line with a so-called ``closed system,'' or a bounded system, where the organization issuing the certificates for use is actually one of the two parties themselves. So it may be that your bank is issuing you a certificate. It is not some third-party certificate authority. That is something that might bear some more analysis in your bill. Mr. Gordon. I think within the Federal Government you are going to be dealing with constituents more than business. There is some business-to-business; but there are also going to be individuals that will not have that ``in-house'' ability. Mr. Skogen. I would like to just make one quick comment here. We see H.R. 1714 as the first step in establishing acceptance of electronic signatures nationwide. We do support anything that advances uniform standards, such as H.R. 1572. I mean, if the Federal Government can be used as a model for widespread usage, I think that is great. But we think that the industry-based standards for certification authorities would be better for business. Mr. Gordon. Thank you, Mr. Chairman. Mr. Tauzin. I thank the gentleman. The Chair is now pleased to recognize the gentleman from Oklahoma--who, in e-commerce jargon, may not have been much of a sender, but is one hell of a receiver--Mr. Largent. Mr. Largent. Mr. Pincus, for many at the Commerce Committee, can you give us any idea what the number is in terms of dollars that is being conducted today in e-commerce in this country? Mr. Pincus. In my written testimony, I have some numbers. The projections are overtaken when we get to reality, so the projectors go up another notch. The forecast that we are hearing is that online retail sales will be about $40 billion by 2002. And all e-commerce activity, including business-to-business which is obviously a much larger amount, could be up to $1.3 trillion, in around 2002-2003. Mr. Largent. What would you estimate that it is in 1999? Mr. Pincus. I think in 1999, the online--the Christmas retailing--was in the $7 to $9 billion range. I am not sure what the number is for online business-to-business. It is many multiples of that. The business-to-business transactions are moving ahead much quicker than retailing. Mr. Largent. So, $12 billion; $20 billion? Mr. Pincus. I think maybe in the upper range; around the $100 billion range. Mr. Largent. One hundred billion. That is all electronic commerce? I am trying to compare your numbers. In 2002 you said $40 billion. Mr. Pincus. No. The all-in number was $1.3 trillion. Mr. Largent. Right. Okay, that is right. So, $100 billion. We are anticipating that to grow by twelvefold in 2002. Mr. Pincus. I think the growth rates are very high. Mr. Largent. Okay. Do we have any idea what kind of abuse has taken place today, because of the lack of verifiable or uniform electronic signature laws in this country? How much are people stealing--Visa Card numbers, and so forth? What kind of abuse is taking place today? Mr. Pincus. I don't think we know. I actually think that, even if we had a signature law, even if the Uniform Electronic Transactions Act were enacted today, that still would not provide a means of paying for most consumers goods. I think in the foreseeable future for consumer transactions, there is electronic money and perhaps other innovations that are a bit further off in the future. I think people anticipate that credit cards are going to be the method of payment for consumer transactions in the near and medium term. Credit card companies, themselves, have been developing some kinds of security mechanisms to be sure that credit card numbers aren't misused. But as some people have pointed out, if you give someone your credit card in a restaurant, it passes through a lot of hands. The opportunity for people, if they have a fraudulent frame of mind, to get the number and misuse it is not that different from someone's catching the number electronically. A person with fraud in mind, if they get into the stream, can obviously catch a lot more numbers and may have a bigger opportunity for fraud. But I think the credit card companies are very focused on this problem, since they bear the burden of the fraud and are figuring out ways to prevent it. Mr. Largent. Do you hear from the States very often in terms of the dollars that are conducted through electronic commerce that escape State taxation, or even cities and municipalities? Mr. Pincus. I am privileged to be Secretary Daley's representative on the Internet Tax Commission. So in preparing for the first meeting of that Commission, which is going to take place in Williamsburg on the 21st and 22nd, I have been hearing a lot of information from States and localities about their concern that there may not be a tax collection mechanism; and what that might mean for their revenue base. Mr. Largent. Yes. So I am asking that question, because one of the issues is States' moving forward with their own legislation on electronic signature. Would the fact that they are losing taxes, because of electronic commerce, be a sort of cold blanket on them out of wanting to move forward expeditiously within a 2-year window, or whatever, on doing something themselves? Do you understand what I am saying? Mr. Pincus. I understand what you are saying. I guess I haven't heard that. Because of the economic growth potential of electronic commerce for our country and for each State, I think there is much more of a policy and political imperative for States to do things that facilitate the growth of electronic commerce, even if it may, as you say if this other issue isn't solved, have an adverse revenue effect on them. What we have heard is much more of an interest in doing things to help e-commerce grown, and then figuring out a way to deal with this tax issue. Mr. Largent. That is what I hear, too. It does flow both ways. In other words, you can open up your own electronic shop in your State, and have people buying products from your State, as well. Mr. Siedlarz, I just wanted to ask you a little bit about your company and how that works. What would I have to have to have on my laptop in order to do that iris deal? Everything that I would need, do I have it on my laptop right now? Mr. Siedlarz. Pretty much, except that the only other peripheral that you would need, Congressman, is a small imager--a camera--that sends either the iris code itself, or the image for processing on the laptop, and resident software on the laptop that would do the processing and comparison. Mr. Largent. Does that have to have that broad-band, high- speed Internet capacity? Mr. Siedlarz. Well, it doesn't. There are two different version of it that we are working on now. One can send a very low bandwidth of 4 to 6 frames a second. Another version sends 30 frames a second, but you are doing the processing in the imager. So, it depends on where you are doing the processing. Mr. Largent. Mr. Engelberg, my last question is to you. You were explaining, a little bit, about your electronic signature on your envelope. I have to tell you that I honestly did not understand one word you said. Can you kind of just tell me what business you are in? What the heck do you do with this, Stamps.Com? I don't have a clue. Who are your consumers? Do you just work with the general public? What would I buy from you? What is your business? Mr. Engelberg. Yes. Our service is designed to provide postal convenience. We basically replace the postage meter. We make it possible for you to print postage off your desktop printer, using your laptop with nothing added; 24 hours a day, 7 days a week. We do it with a system of cryptographic keys on our servers that generate digital signatures to make each stamp unique. There is a digital signature in every barcode, in every stamp. Mr. Largent. And the Postal Service has to read that digital signature? Mr. Engelberg. The Postal Service can read it to audit the process to determine the authenticity of the stamp. When they read the barcode, they can pull out the digital signature and validate that with the public key they have on their Certificate Authority. Mr. Largent. Okay, I got you now. Mr. Engelberg. I will stop there. Mr. Largent. Yes. Don't give me too much information. Thank you, Mr. Chairman. I yield back. Mr. Tauzin. Otherwise you might go postal on us. Thank you, Mr. Largent. The Chair is pleased to recognize the gentleman, Mr. Sawyer, for a round of questions. Mr. Sawyer. Thank you, Mr. Chairman. Every time we talk about the electronic environment, one of the things that I try to do is to think back to the fundamental underpinnings of any process of law that might have preceded the environment that we are working in, and recognize that many of the protections that are offered in conventional environments really ought to apply in a more technological one. Today we have been talking about interoperability and verification of signatures. We have touched a little bit on sanctions. But I am struck by the Virginia precept that suggests that, ``Where any Virginia law requires a signature, or provides for certain consequences in the absence of a signature, that law is satisfied by an electronic signature.'' I would really like to ask you to talk a little bit about sanctions for falsification, or failure to perform as agreed over a legitimate signature at both ends of a transaction. I am particularly interested in the Federal law enforcement standards. We have talked about postal standards, but I am not sure about postal fraud: everything from bouncing checks and the IRS, and the way that has been used for enforcement. So what I would like to ask each of you is, thinking in terms of both a multi-State and trans-national settings, are there special places that we ought to look for pitfalls that are unique to this environment in terms of enforceability and comfort levels with sanctions, and guarantees of privacy and security? It seems to me that if trust is at the core of a signature, that becomes particularly important when we are not only talking about the electronic environment, but the playing field, both multi-State and trans-national. Mr. Pincus? Mr. Upson? Special pitfalls that we need to look out for. Mr. Pincus. Well, I think one you mentioned is, certainly, privacy. We have taken the position that we should look for the private sector to lead the way on privacy protection. Certainly, one thing that we believe is important is that authentication providers have good privacy practices that are up to the level of the good online privacy practices that we have talked about elsewhere. I think that most of them do. That is clearly important. Because it is possible that with some forms of authentication, the authentication provider would have a lot of information about an individual's transactions that the individual might not want to be sold, or might at least want to exercise a choice about whether it could be marketed, or mined by data miners. Certainly, we think that allowing such choice is a good practice. We have not advocated government solutions to this problem, because we think the private sector is moving to do that. I think that is the right approach. I think as a general matter, although electronic commerce technology is very different from that used in international commerce, it may be inappropriate to have special protections for electronic transactions differing from those we have in the physical world. We have general commercial contracting rules. We also have special consumer protection rules-- unconscionability, and things like that--that apply to consumer contracts. You would certainly want to be sure that those things applied in cyberspace, as well. There are some kinds of contracts in the physical world, with respect to which we require special formalities: wills, for example. One would certainly want to provide that is also true, to the extent that there will be electronic contacting, that there will be a form of authentication in that context that has special assurance, because we insist on that in the physical world. I think as of now, we don't see the need---- Mr. Sawyer. I don't want to run out of time. Mr. Pincus. I am sorry. Other than translating current rules appropriately for the online world, we don't see the need for some special, overall new rules in electronic contracting, because we are concerned about how that might tilt the market. Mr. Sawyer. Mr. Upson, would you be comfortable enforcing Virginia's laws based on signature in a multi-State or trans- national setting, based on the kinds of protections that you have available? Mr. Upson. Well, I guess I would look at from this perspective: I think that what we have tried to do in Virginia is not create any new laws, necessarily; except for unsolicited bulk e-mail, where we have a unique statute. Really, if it is fraud in the non-electronic world; it is fraud in the electronic world. We have tried to ensure that our statutes do exactly what Mr. Pincus said: to ensure that our statutes recognize that fraud is fraud. If you falsify information electronically; once that is recognized, it is a crime. We actually have a program to train law enforcement professionals in cyber-crime. I guess that is the way to look at it. Really, we try to say that our whole premise is--I think it is yours, too, in this legislation--that crimes are crimes, whether they occur electronically or not. Mr. Sawyer. I agree with that. I am looking for special circumstances that we ought to be particularly alert to. Mr. Upson. ``Spam,'' I think we have looked at. We have attacked it. We have created a cause of action. There are companies that engage in spam as a matter of business and pay fines that are set up. We have made it very expensive now, in Virginia. That is unique to the Internet. Mr. Sawyer. Mr. Skogen? Mr. Skogen. Yes. I am really not the right person to respond to that question, but would be happy to get back to you. Mr. Sawyer. Good. Mr. Greenwood. In Massachusetts, one of the first things the Weld administration did in the early 1990's was to create a computer crime commission, which analyzed our entire body of statutory and common law crimes to see whether they were adequate for even what we were seeing then as our emergence into an information age. I think the results at that time really still hold true today. Largely, our existing body of laws was adequate to handle the types of crimes, fraud and other misdeeds, that we saw developing. The exception is that we have to keep asking the question. So our approach is to remain on the lookout; to continue to have hearings like this; and continue to ask and make targeted reforms, as needed. I think we clarified a couple of things to just make it painfully obvious for our prosecutors as they made the case that larceny includes electronic property, and so forth. So we made a couple of small tweaks--arguably not even necessary. Mr. Sawyer. Others? Thank you, Mr. Chairman. Mr. Tauzin. Thank you, Mr. Sawyer. The Chair is now pleased to recognize the gentleman from Illinois, Mr. Rush, for a round. Mr. Rush. Thank you, Mr. Chairman. Mr. Chairman, I want to also commend you for patience, and commend the witnesses for their patience. I know this has been quite a long hearing. I just have a couple of questions for Mr. Siedlarz. This technology to verify someone's identity through their physical characteristics is pretty fascinating to me, and I am sure to others. You can accomplish this through the use of computers and other enrolled data? Mr. Siedlarz. There is a broad range of technologies, Mr. Congressman, that do that. In fact, maybe 115 different versions are available in the world today. Mr. Rush. Who would take advantage of this type of technology? Mr. Siedlarz. That question somewhat talks to the previous one from the Congressman about the issue of what we should be concerned about. The truth of the matter is that the new technology today has a capability of verifying an individual in a much more positive way that the previous signature--the human signature--ever did. To the degree that Federal law is not comprehensive enough to protect that from those who would attempt to steal and counterfeit even the electronic version of that today, we need to do something about that. As the business on the Internet increases and e-commerce increases, clearly, the threats against the electronic means of using technology to prove identity, or verification, or authentication are going to come under more serious attack. Anything made by man will ultimately be defeated by others. Mr. Rush. Is this technology aimed a particular, narrow group of people? Mr. Siedlarz. No. The best biometrics whole purpose is to be absolutely useful in the general population. To the degree that segments would not be available, then the technology would be inherently flawed for use in electronic commerce. Mr. Rush. When you indicated that you can verify someone's identification through the pupil of the eye---- Mr. Siedlarz. The iris of the eye. Mr. Rush. Are you going to have that information? How would you gather and collect that information? Mr. Siedlarz. That is a good question. Well fundamentally, an image of the eye is taken and it is immediately converted into a digital code. Then that is translated through a relatively sophisticated process into what we call an iris code and stored into the computer as 512 bytes of information. There is no way that if you take that hexadecimal code of 512 bytes that you could recreate the iris, or recreate anything that looks like that original image. That information is essentially, absolutely useless to anyone other than the system of crossing a firewall and liking that image to an identity code. Even IBIA, as an organization, has taken a very strong stand in being proactive about privacy, the ethics of privacy, and the use of rules maintaining privacy within the biometrics industry. Mr. Rush. How would you collect it, though? Mr. Siedlarz. Enrollment. You would look in a camera. The code is created. Mr. Rush. So you have consumers just lined up. Mr. Siedlarz. It is a voluntary situation, exactly. There are tests going on now; pilots in banks both in Europe, the United States, and elsewhere, where people voluntarily submit to enrollment--to get a picture taken, essentially--using camcorder technology and to have that code created. It gives them a great convenience. It protects their accounts. It, frankly, protects their privacy in ways that it never did before. Mr. Rush. This is my last question. Are we approaching the day when there would be a national or international data base of pupils on file? Mr. Siedlarz. Some of us might wish so from a business standpoint. I don't think that, practically, that any one technology is going to capture the world market or the world use. We think some are better than others. But the issue of interoperability is really what is important here. Whatever one you use, there is a way for them to ultimately speak to each other, and serve the purpose that we need in society. Mr. Rush. Thank you. I yield back, Mr. Chairman. Mr. Tauzin. Thank you, Mr. Rush. I think it is fair to say that before you have a contract, you have to see eye-to-eye, anyhow. It will all work out, somehow. I apologize. The Chair is pleased to welcome the very patient lady from Missouri, Ms. McCarthy. Ms. McCarthy. I thank you, Mr. Chairman, for this hearing and your foresight. I would like to remark, in follow-up to Mr. Rush's comment on international, that last October I was sitting in the Dublin, Ireland, Silicon Valley area in the Gateway Facility there observing Prime Minister Ahearn and President Clinton sign a trade agreement from their laptops with their secure id's. So there are huge international uses already for this technology of the virtual signature. Mr. Chairman, the President noted that while he is somewhat new to the technology, this virtual signature could potentially lead to a ``virtual president;'' and thought we ought to probably debate larger, philosophical questions while we grapple with the practical issues today of State and Federal authority. It is almost like being at the top of a really snowy hill. The toboggan is heading down. You know it would be a great ride, but you are not on it. You are running after it. I feel a little be breathless about this whole conversation, because it is happening. We are today trying to grapple with how to do it well, so that it happens with the safety and security that we all seek. I must confess to the panelists I am a product of State government: 18 years in the Missouri legislature before joining this august body. So the question of preemption of any State law is real to me. My State, Missouri, in 1998 did pass the Missouri Digital Signatures Act, that our Secretary of State is implementing. It is modeled after Utah law. I know a lot of States are grappling with this. So in this issue of State preemption, H.R. 1714 would preempt any State law that is not consistent with the bill; even if the State law is passed within the 2 years that the National Conference of Commissioners is working in, as well as any laws that are already on the books, like in my State of Missouri. Do you believe there is any risk that the uniform law that you are contemplating could be construed as inconsistent with H.R. 1714, and thereby render this entire, intensive effort invalid? I know my State will have to reflect on its current law; look to the Commission's work; and adopt and make changes. If we pass this law, H.R. 1714, what if the Commission's work is invalid? Mr. Greenwood, could you reflect on that? I would love to weigh-in anyone else's thoughts. Mr. Greenwood. Thank you very much for the questions. It is very gratifying to see an alumna from the State legislature for so many years in this august body. I think your concerns are really right on. There is clearly a need on the one hand to get a national baseline soon. However, that cannot rule to the exclusion of an equally important need not to unduly disrupt these areas of State law and the emerging State laws. To zero in on your specific question, one of the areas that ought be looked at as this bill is honed through the process is section 102[b] and [b]. There are several areas, but let us talk about [b], for a moment. It would require that a State law that is enacted to basically revert the jurisdiction back to the State within this period of time must meet this requirement: that it not discriminate in favor of or against a specific technology, method, or technique of creating, storing, generating, receiving, communicating, or authenticating electronic records or electronic signatures. That sounds good in the sense that it is technology- neutral, which is what we want. I do believe the Uniform Electronic Transactions Act, which we are primarily talking about now, is largely technology-neutral. However, in the particular implementation of many particular areas of law; you do have to start talking about specific technologies in a consumer protection stance, for example, as we start amending our lemon laws to allow people to buy their cars at home. Right now, Massachusetts has a requirement that there be a disclaimer of various warranties, and other notices placed on the windshield. That is a paper requirement. It is based on a known business model, where a consumer goes into the lot. They see the notice, and so forth. It is a media-specific requirement. As we start transforming our business models to allow these things to occur online, when you don't have a consumer walking onto a lot and looking at a windshield before they make a decision; at some point we are going to have to say something-- some sort of equivalent language like, ``Must appear on a screen,'' or something. Similarly, with securities regulation and many other areas of law--banking and on down the line--where there is consumer protection and other media-specific protection for notices and conspicuous terms in place; at some point the State legislatures and law makers at every level of government will have to come up with equivalent types of standards. That is by definition; discriminating in favor of, or against, a particular implementation. The trick here is going to be making sure that you allow us to responsibly apply the same kinds of jurisdiction that we have over commerce and other areas of law now, in the information age, without having an inconsistent or an undue impediment to interstate commerce. I think that will be the trick. Ms. McCarthy. Mr. Chairman, would you indulge me a follow- up question? I thank you very much for those thoughts. I think they are right on point. Mr. Greenwood. Thank you. Ms. McCarthy. I would like to know from Mr. Skogen, Mr. Curtis, and Mr. Siedlarz, if your industry has been involved in the drafting of the Uniform Model Code? Mr. Curtis. No, we have not. Ms. McCarthy. Oh, yes, Mr. Siedlarz? Mr. Siedlarz. Same answer. Ms. McCarthy. You have not. Mr. Skogen? Mr. Skogen. Apparently, we do, in fact, have State representatives that have been involved in doing that. Ms. McCarthy. Okay. Well, Mr. Pincus, are you concerned that your efforts in this area could be for naught if the model is effectively preempted? Mr. Pincus. Well, we have concerns, as I said earlier and laid out in my written testimony, that we not do anything that would lead to controversy about whether the UETA, once it is enacted by the States, provides the governing law; and that there not be a lot of controversy about whether its provisions are preempted. Obviously, such controversy creates the very uncertainty that everyone is trying to remove. So that is why in our view, to the extent there is to be any intervening Federal law, the best approach is to design an interim gap-filler until the States adopt the UETA. Then the Federal law would fade away. It literally would exist only to fill that gap to the extent that the subcommittee decided there was a gap that needed to be filled; it would not be a continuing Federal overlay on the State law that is eventually adopted. Ms. McCarthy. Well, I think that makes a great deal of sense. In fact, there is language in H.R. 1320 that I think attempts to achieve what you just articulated with regard to this issue of preemption. I would hope that this subcommittee would take a look at this particular point. I know, Mr. Chairman, others before me have raised the concern that when we enter this arena, we do so with the most study and the most well-chosen words so that we don't find out at the end of the process that all was for naught, and we are back to square one. This technology is taking off without us, like that toboggan down that snowy hill. Mr. Pincus, you expressed concern, in your testimony that I have before me, about the bill's provisions requiring electronic signatures to meet reasonable requirements. I think that is appropriate. How might this provision lead to problems in the interpretation that covers the impact of the viability of the model code, or the model bill? Mr. Pincus. Well, as I mentioned, the real model of authentication that businesses are using now are these closed systems that are set up contractually, in which people pick whatever authentication regime works for the level of business and level of security they need. Our position, and it is also a position that has been adopted by the drafters of the model law, is that those agreements should be enforced. Therefore, if that authentication method is used subsequently, those contracts should be legally binding. Our concern is that the use of the word ``reasonable'' would provide a basis for a judge to say, ``Well, I don't like the authentication method that these parties chose for their transactions; so none of them are legally enforceable.'' Especially internationally, where there will be different domestic legal regimes, we think the contractual method is going to be the way cross-border transactions will be facilitated. We don't want to have a U.S. model that allows judicial second guessing or to have such a model adopted by other countries. Ms. McCarthy. I appreciate your involvement in this process. I understand the National Governors' Association is engaged in it, as well, with the National Conference. I would hope the National Conference of State Legislatures would be included, because an awful of lot these States have measures already enacted. It is imperative that those voices be at the table as well. Mr. Chairman, you have been so gracious and kind. I thank you for extending this time for me. Mr. Tauzin. Well, I beg to differ. I have never met anyone more gracious than you, Ms. McCarthy. I thank you for that. Let me thank you all, in fact, for your patience and your kindness in educating us. I have always called this one of the best universities in America that we attend. We have a chance to do what Mr. Largent did, which is to say, ``Do that again so I can understand it.'' We learn. You have taught us a lot today. Let me point out, Ms. McCarthy, that one of the problems we have in this debate we are going to have over preemption is the fact that there are a number of States who have adopted ``digital signature only,'' and authentification technology ``certified by the State only;'' which runs counter to the technology-neutral concept that is embodied in this bill. For example, the biometrics concepts of iris identification would not be allowed in a number of these State jurisdictions because of the fact that is not an authentication technology approved by the State. It is not a digital signature technology as required by the State. So we are going to have a little difficulty in working that out. I think the best admonition is that we do it in a way that sets a national standard, but doesn't preclude improvements that the Uniform Code authorities eventually might want to bring to States and to the national government in the future, as technology continues to teach us that there are different ways to do things than the way we did it yesterday. Let me finally say that it was a learning lesson for us that some of you asked that we e-mail our invitations to you to come to this hearing today. We had to--regrettably--inform you that we couldn't do so because we could not authenticate the source of that e-mail; and you might not, therefore, have been officially invited to attend here today. Next time, perhaps, when we invite you we will have a system in place where we can communicate with you; and in this e-commerce world, authenticate who we are. You can authenticate your identities to us. We can maybe establish a hearing in cyberspace where you will not even have to get through the traffic jams in Northern Virginia, as Mr. Upson did, to be with us. Thank you very much for teaching us today. The hearing stands adjourned. [Whereupon, at 12:10 p.m., the subcommittee was adjourned.] [Additional material submitted for the record follows:] Prepared Statement of the Business Software Alliance Introduction The Business Software Alliance (BSA) appreciates the opportunity to provide our views on H.R. 1714, the ``Electronic Signatures in Global and National Commerce Act'' (E-SIGN). BSA's members represent the fastest growing industry in the world, and are leaders in the development of products and services that support electronic commerce and enhance consumer convenience. BSA's worldwide members include Adobe, Attachmate, Autodesk, Bentley Systems, Corel Corporation, Lotus Development, Microsoft, Network Associates, Novell, Symatec and Visio. Additional members of BSA's Policy Council include Apple Computer, Compaq, IBM, Intel, Intuit and Sybase. Facilitating Electronic Commerce Electronic commerce is the American success story of the decade. The value of commercial transactions taking place on the Internet is expected to double, even triple, annually as consumers and businesses grow to understand the vast communications and commercial potential of the Internet as a medium of commerce. According to Forrester Research Inc., business-to-business e-commerce is expected to top $1.3 trillion by the year 2003. Consumers are also increasingly purchasing goods and services online. Forrester Research estimates that consumers spent $8 billion in 1998 on the Internet, buying books, CDs, clothing and other items. The growing electronic marketplace provides unparalleled opportunities for economic growth worldwide. However, the willingness of both consumers and commercial firms to engage in electronic contracting and other critical aspects of commerce online will depend, in large measure, on reliable, well-developed legal structures governing the formation of electronic contracts and the rights of parties thereto. It is an unavoidable fact that parties will be deterred from contracting and fully utilizing the commercial potential of the Internet if the governing legal rules are uncertain and thus their risks unascertainable. This is especially true in the online world that knows no geographic boundaries. Such an environment places a premium on harmonious legal structures that do not depend on state or international borders, allowing parties to form electronic contracts without undue concern as to their validity and enforceability. The need for certainty in the governing legal rules of e-commerce goes well beyond the ability to ``contract'' electronically. For example, users of design and architectural software would gain tremendous efficiencies if professional engineers were able to electronically ``seal'' drawings by virtue of a digital signature. This would be the functional equivalent of placing a stamp on the physical drawing signifying that this person, with expertise, has signed off on the drawing. A consistent set of rules relating to electronic signatures is required for this to ever become a reality. This goal is threatened by a dizzying array of state legislation governing electronic signatures. These state laws and policies range from highly detailed, prescriptive statutory regimes to very general enabling statutes. If parties are left with no alternative other than to navigate a maze of potentially inconsistent and inadequate state laws, the growth of a seamless and frictionless electronic commerce marketplace will be thwarted. Although the Uniform Electronic Transactions Act (UETA)--a long-running effort that seeks to provide a common model electronic signature law for the states' consideration-- will receive final consideration at the July, 1999, meeting of the National Conference of Commissioners on Uniform State Laws (NCCUSL), the prospects for comprehensive, consistent and timely action by all fifty states with respect to UETA remains uncertain at best. Federal legislation is therefore necessary to bring certainty and reliability to electronic transactions, thereby encouraging greater confidence in electronic commerce. This is not simply an important consumer issue; it is an important business issue. Consumers may be willing to conduct small transactions in the online environment despite the uncertainty regarding their legal rights and the effectiveness of their actions precisely because their transactions are of small value. Businesses, however, will be more reluctant to undertake large transactions online unless the rules governing their transactions are reasonably well developed and understood. In the end, online commerce has to encourage business-to-business transactions if it is to achieve its full potential. The development of appropriate rules to foster online commerce in the United States has real import for the competitiveness of our economy. Europe, for example, is rapidly moving to put in place a detailed EU directive on electronic signatures, and the United States cannot afford to fall behind with respect to the development of a coherent, effective legal structure that supports and fosters online commerce. Electronic commerce will achieve its potential only if governments domestically and around the world create sound legal structures that bring certainty and predictability to electronic transactions so that electronic commerce can become a secure, ubiquitous and global marketplace. Comments on the ``Electronic Signatures in Global and National Commerce Act'' (H.R. 1714) BSA supports H.R. 1714, and views it as a very positive step forward in developing an effective legal structure for online commerce in the United States. H.R. 1714 is consistent with a number of basic principles, outlined below, that BSA considers essential to support electronic contracting. However, in two limited respects, BSA believes H.R. 1714 should be clarified to afford parties true flexibility in electronic contracting, and enable all forms of electronic signatures to thrive in business-to-business electronic commerce. (1) Technology Neutrality. BSA considers it essential that federal electronic signature legislation be technology neutral. No one knows precisely how electronic signature products will develop. However, all agree that the market will demand a variety of products and services offering varying levels of cost and security, and that users will select the appropriate mix of cost and security based on the value of the particular transaction. To ensure that industry can provide electronic signature products and services that meet the whole range of consumer needs, the regulatory framework must be sufficiently flexible to permit and recognize new signature technologies so as not to stifle innovation. H.R. 1714, which does not mandate or provide legal or other advantages to certain technologies, is consistent with this important principle. (2) Non-Discrimination. Federal electronic signature legislation should ensure that electronic signatures, and the contracts and records to which they are attached, generally are not subject to rules and requirements that are more onerous than those applicable to traditional signatures and contracts. Any exceptions to this basic principle of non-discrimination should be narrowly drawn and clearly defined. H.R. 1714 appropriately advances this principle, drawing narrow exceptions only for rules relating to wills, codicils or testamentary trusts, and to adoption, divorce or other matters of family law, all of which BSA finds acceptable. (3) Market Driven Technical Standards. Federal electronic signature legislation should not impose mandatory technical standards regarding electronic signature products or extend legal benefits only to signatures generated by products meeting certain prescribed technical standard. Although some standardization may benefit consumers, the information technology sector has been very successful in developing necessary technical standards through consumer choice and industry consensus. Such market-driven standards fully respond to consumer demand and avoid the rigidity of government-imposed, mandatory standards that would inevitably impede technological development, distort markets in electronic signature products, and ultimately restrict consumer choice. H.R. 1714 is consistent with this principle in that it does not impose any technical standards for electronic signature products. (4) Closed System and Limited-Use Certificates. Federal electronic signature legislation should be drawn broadly enough to give legal effect to electronic signatures that are used in closed systems or that are accompanied by limited-use certificates. In both instances, a signatory is allowed to access information, utilize services or engage in particular transactions based on a preexisting relationship between the signatory and the recipient (e.g., employment of the signatory by the recipient; signatory's membership in a buying cooperative operated by recipient). As a result, the signatory and the recipient are fully aware of the limited permissible uses of the electronic signature and any accompanying certificate. It is anticipated that the use of electronic signatures within closed systems and with limited-use certificates will be major component of electronic commerce, and therefore it is vital that electronic signatures be given full legal effect and recognition in such contexts. H.R. 1714 is consistent with this principle in that its definition of electronic signature is broad enough to encompass electronic signatures used in closed systems or accompanied by limited-use certificates. (5) Federal Preemption. Federal electronic signature legislation should include a preemption provision that reasonably balances the interest of the states with the need to develop in a timely fashion, a coherent, harmonious set of rules to govern the use of electronic signatures and electronic records throughout the United States. Thus, in those instances where states have enacted rules that are not consistent with the basic principles established in federal legislation or where states simply have not acted to provide the necessary legal rules for the use of electronics signatures, uniform federally established rules would govern and facilitate the use of electronic signatures. H.R. 1714 is consistent with this principle in that it provides a set of federal rules regarding the non-discriminatory recognition of electronic signatures, but allows the states a reasonable opportunity to legislate their own rules governing the use of electronic signatures so long as such rules are consistent with the basic principles reflected in the bill. (6) International Harmonization. Federal electronic signature legislation should be carefully crafted so as not to impose any legal rules that discriminate against, or preclude the use of, electronic signatures from other countries. Electronic commerce is truly borderless. Accordingly, federal legislation should provide equivalent treatment for all electronic signatures, whether generated within the United States or abroad. This is important not only to facilitate the use of electronic signatures within our borders, but also to encourage other nations to afford comparable treatment to electronic signatures generated in the United States. H.R. 1714 is consistent with the principle in that it does not establish any federal rules that discriminate against electronic signatures generated outside the United States. (7) Party Autonomy. Federal electronic signatures legislation should expressly incorporate and support the principle of freedom of contract among private parties with respect to the terms and conditions on which they will accept and use electronic signatures and electronic records. Parties should be free, on an informed basis, to establish by agreement the terms and conditions (including choice of law rules and rules of liability) on which they will use and accept electronic signatures for purposes of contracting and otherwise. The ability to vary electronic signature rules by agreement will enable parties to be responsive to the needs and demands of the marketplace, and will thereby facilitate the growth of electronic commerce. H.R. 1714 generally is consistent with this principle, although the language of the bill's party autonomy provision (Sec. 101(b)) warrants limited revision to clarify its applicability to all terms and conditions on which parties will use and accept electronic signatures. BSA has attached suggested language to clarify this provision. (8) Electonic Agents. Federal legislation governing electronic signatures should encompass signatures; generated by so-called electronic agents--that is, by computer programs that initiate or respond to messages without human intervention--in business-to-business transactions. Electronic agents already are in widespread use in systems where they effect transactions on behalf of principals, who have created such agents and authorized them to act on their behalf (e.g., in online supplier and data exchange systems). As electronic commerce grows, the use of electronic agents is expected to become even more prevalent, for electronic agents facilitate more efficient conduct of online commerce. Within this context, if electronic commerce is to reach its full potential, electronic signatures generated by electronic agents must be given the same legal effect as electronic signatures generated by principals themselves. It is unclear whether H.R. 1714 in its current form encompasses electronic signatures generated by electronic agents. BSA has attached suggested language to make clear that electronic agent-generated signatures are covered by the bill's provisions. conclusion H.R. 1711 appropriately recognizes that, for electronic commerce to achieve its potential, transparent and predictable legal structures must be established that support global business and commerce. BSA supports H.R. 1714, and appreciates the opportunity to provide its comments on this important piece of legislation. BSA's member companies and its staff stand ready to serve as a resource for the Subcommittee and its staff with regard to BSA's suggested revisions and any other issues relating to this critically important topic.