Fundamentals of Electronic Signature Law
Transcript of Fundamentals of Electronic Signature Law
Cosponsored by the Solo and Small Firm Section
Monday, November 9, 2020 Noon–1:15 p.m.
1.25 General CLE credits
Fundamentals of Electronic Signature Law
iiFundamentals of Electronic Signature Law
FUNDAMENTALS OF ELECTRONIC SIGNATURE LAW
SECTION PLANNERS
Kelly Doyle, Doyle Law, Oregon CityRob Hofmann, The Hofmann Legal Group, BendJorden Piraino, Oregon Legal Center, West Linn
Hertsel Shadian, Hertsel Shadian, Attorney at Law, LLC, PortlandArnold Wuhrman, The Wuhrman Law Firm, Lake Oswego
OREGON STATE BAR SOLO AND SMALL FIRM SECTION EXECUTIVE COMMITTEE
Jorden James Piraino, ChairJohn C. Koch, Chair-Elect
Hertsel Shadian, Past ChairArnold H. Wuhrman, Treasurer
Diane C. Cady, SecretaryStefyni Allen
Kelly Michael DoyleJulia Fraser
Andrew D. GinisC.J. Graves
Ekua A. HackmanDona Marie Hippert
Rob HofmannJames Mills
Scott D. SchnuckEllyn R. Stier
Caitlin M. Wong
The materials and forms in this manual are published by the Oregon State Bar exclusively for the use of attorneys. Neither the Oregon State Bar nor the contributors make either express or implied warranties in regard to the use of the materials and/or forms. Each attorney must depend on his or her own knowledge of the law and expertise in the use or modification of these materials.
Copyright © 2020OREGON STATE BAR
16037 SW Upper Boones Ferry RoadP.O. Box 231935
Tigard, OR 97281-1935
iiiFundamentals of Electronic Signature Law
Table of Contents
Schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v
Faculty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v
Presentation Slides: Electronic SIgnature Fundamentals . . . . . . . . . . . . . . . . . . . . . . . 1
ivFundamentals of Electronic Signature Law
vFundamentals of Electronic Signature Law
SCHEDULE
12:00 Fundamentals of Electronic Signature Law With the advent of the COVID-19 pandemic and social distancing restrictions, there is a swift move to electronic signing for documents of all sorts. Do we, as practitioners, really have a handle on when electronic signatures are considered legally valid and binding and what steps must be taken to make sure that electronic signatures are truly authentic? Learn from an expert, who discusses:F The legal framework with respect to electronic signatures in the United StatesF Key considerations when using electronic signatures in a particular situationF The legal framework with respect to electronic signatures in the European UnionDaniel Puterbaugh, Director of Product, IP & Regulatory Affairs, DocuSign, Inc., San Francisco
1:15 Adjourn
FACULTY
Daniel Puterbaugh, Director of Product, IP & Regulatory Affairs, DocuSign, Inc., San Francisco. Mr. Puterbaugh is an attorney with 20 years of experience in technology transactions and product support. He has expertise in drafting both custom and template agreements and with application and cloud service launches and updates. He is involved with regulatory groups such as eIDAS, Aadhaar, GDPR, My Number, and UK Gov Verify, and with laws that shape how organizations move forward. He holds a CIPP/US certification from the International Association of Privacy Professionals.
viFundamentals of Electronic Signature Law
1Fundamentals of Electronic Signature Law
0 | DocuSign PUBLICDocuSign RESTRICTIED CONFIDENTIAL
Electronic Signature Fundamentals
Dan PuterbaughDirector, Product, IP & Regulatory Affairs
November 9, 2020
1 | DocuSign PUBLIC
Agenda
◼US Electronic Signature Framework
◼Key Considerations
◼EU Electronic Signature Framework
2Fundamentals of Electronic Signature Law
2 | DocuSign PUBLIC CONFIDENTIAL
E-Signature Framework
▪ Uniform Law Commission proposed Uniform Act to reconcile inconsistent electronic signature state laws (1999)
▪ Quick, yet not fully consistent adoption• Adopted by 47 states, plus DC, Puerto Rico, and the Virgin Islands• NY, WA, and IL adopted alternative electronic signature laws
• WA recently repealed its state law; defers to ESIGN• California adopted UETA, but with some modifications
Uniform Electronic Transactions Act UETA
3 | DocuSign PUBLIC CONFIDENTIAL
E-Signature Framework
Electronic Signatures in Global and National Commerce Act ESIGN
▪ Effective Date: October 1, 2000
▪ Federal version of UETA, for transactions in or affecting interstate or foreign commerce
▪ Introduced consumer disclosure requirements
▪ Preempted nonconforming state laws
3Fundamentals of Electronic Signature Law
4 | DocuSign PUBLIC CONFIDENTIAL
E-Signature Framework
UETA ESIGN
▪ Both laws act as overlay statutes▪ Authorize replacing writings with electronic records▪ Authorize replacing ink signatures with electronic signatures▪ Require affirmative opt-in by parties (can be express or implied)
▪ Technology agnostic▪ Permissive, rather than proscriptive ▪ In contrast to global framework, simple, advanced and qualified
5 | DocuSign PUBLIC CONFIDENTIAL
Five Principles of ESIGN / UETA
1
2
3
4
5
Record/signature may not be denied legal effect or enforceability solely because it is in electronic form
If a law requires a record to be in writing, an electronic record satisfies that law
If a law requires a signature, an electronic signature satisfies that law
If a law requires preservation/production of an “original,” the “original” requirement is satisfied by an electronic record
Electronic records can satisfy writing and original requirements so long as the electronic record:• Accurately reflects information in the record to be
produced after it was first generated in its final form• Remains accessible for later reference
4Fundamentals of Electronic Signature Law
6 | DocuSign PUBLIC
Scope of Statutes
Some Exceptions Some consumer notices e.g. foreclosure or utility service
termination
”Land and Family: Wills, codicils, testamentary trusts
Covered
Residential / commercial real estate transactions Commercial / consumer loans and leases Contracts / licenses
Sales / leasing of goods Insurance policies Most securities transactions Most tax documents Notarization / recording (generally)
7 | DocuSign PUBLIC
Definition of Electronic Signature under ESIGN / UETA
Includes:• Typed names• A click-through on a software program’s
dialog box combined with some other identification procedure
• Recorded voice • Biometric measurements • PIN• A digitized picture of a handwritten signature• Digital signature (discussed on next slide)
“Electronic signature” means: • an electronic sound, symbol, or process • attached to or logically associated with
a record• executed or adopted by a person with
the intent to sign the record
5Fundamentals of Electronic Signature Law
8 | DocuSign PUBLIC CONFIDENTIAL
“Electronic record” means a record created, generated, sent, communicated, received or stored by electronic means
Critical to consider how the record of assent (the electronic signature) will be saved and recorded. Reliability of retention is critical.
Definition of Electronic Record under ESIGN and UETA
9 | DocuSign PUBLIC
Key Considerations
Authentication
Attribution of the e-signature to the correct person:
Is the signer who they say they are?
Compliance
Observance of rules & laws applicable to the underlying transaction
Life sciences and financial services sectors
Admissibility
Admitting the electronic record into evidence
Maintaining a record and best practices
6Fundamentals of Electronic Signature Law
10 | DocuSign PUBLIC
Authentication Legal sufficiency vs. attribution• UETA / ESIGN answer the question “Is it a signature?”• Does NOT answer the question “Is it your signature?”
Attribution must be proven (factual inquiry)• ESIGN/UETA require proof of attribution. Can be by any means, including surrounding circumstances or efficacy of agreed-upon security procedure
• Several practical means for authenticating a signer (e.g., SMS, Knowledge-Based Authentication (KBA), ID verification)
• Burden of proof is on person seeking to enforce signature (preponderance of evidence)
Case illustrations:• Mansour v. Kmart Corp., Inc., 2018 WL 3575062 (D. Md. July 2018)• Ruiz v. Moss Bros. Auto Group, 232 Cal. App. 4th 836 (Cal. App. 4th Dist. 2014)
11 | DocuSign PUBLIC CONFIDENTIAL
Ruiz v. Moss Bros. Auto Group 232 Cal. App. 4th 836 (Cal. App. 4th Dist. 2014) Court refused to enforce an employer’s arbitration agreement, finding that the employer did not present sufficient evidence that the electronic signature on the arbitration agreement was “the act” of the employee. Authentication of an e-signature must be proven (just as with a paper signature) although the burden to do so is “not great.”
Authentication
7Fundamentals of Electronic Signature Law
12 | DocuSign PUBLIC
ComplianceLaws governing the underlying transaction
– Assigning a Copyright with US Copyright office – Life Sciences – 21 CFR Part 11
– Signature level credentials; signing reason
Life Sciences and Financial Services– Specific requirements for record presentation form, time and
sequence
Unfair and deceptive acts and practices (UDAAP / UDAP)– General principles of unfair and deceptive practices have on
occasion been used to invalidate electronic contracts that otherwise might be effective.
Guiding principle: do no harm – use the electronic medium to enhance, not obscure, effective delivery
13 | DocuSign PUBLIC
Admissibility Admissible under the FRE (Lorraine v. Markel American Ins. Co., 241 F.R.D. 534, 538 (D.Md. 2007))
Preserving evidence of data integrity, screen shots and process flows is essential–Identification to original transaction–Freedom from alteration (integrity question may impair ability to get evidence admitted)
–Adams v. Quicksilver case: employee signed various employment agreements; employer system allowed for post-execution revision/tampering
–Chain of custody audit trail (Certificate of Completion)
Design document management policies, systems with system & record protections in mind (such as developing backup procedures, audit logs & encryption methods to enable the demonstration that the records have not been tampered with, data deterioration procedures, system security safeguards)Case illustrations:
• Lorraine v. Markel American Ins. Co., 241 F.R.D. 534, 538 (D.Md. 2007) • In Re Vee Vinhnee, 336 B.R. 437 (9th Cir. BAP (Cal.) 2005) • Adams v. Superior Court [Adams v. Quicksilver, Inc.], no. G042012 (Cal. App. 4th Div. Feb. 22, 2010)
(unpublished)
8Fundamentals of Electronic Signature Law
14 | DocuSign PUBLIC
Evidentiary Requirements
Evidence presented through affidavits or testimony must describe for the court:
An electronic signature process which:• Identifies the signer (unique username/password, email address, other authentication, IP address)• Produce evidence of the signer’s intent to sign (ESIGN Consent acceptance, signature tab)• Creates an audit log documenting all events (Certificate of Completion)
– Sends a copy of fully executed record to signer– Focus on record integrity (tamper-seal, system digital signature, hash)
Case illustrations:• IO Moonwalkers, Inc. v. Banc of Am. Merch. Servs., LLC 814 S.E.2d 583 (2018)• Alliant Credit Union v. Abrego, No. 76669-4, 2018 Wash. Appp. LEXIS 2964 (Ct. App. Dec. 31, 2018) • Fabian v. Renovate America, Inc. 255 Cal.Rptr.3d 695 (Cal.Ct.App.2019)• Harpham v. Big Moose Inspection, No. 321970, 2015 WL 5945842 (Mich. App. October 13, 2015)
15 | DocuSign PUBLIC CONFIDENTIAL
Fabian v. Renovate America, Inc. 255 Cal.Rptr.3d 695 (Cal.Ct.App.2019)
Commercial dispute involving electronic signature on agreement to purchase solar power system.
Renovate offered little more than a bare statement that Fabian "entered into" the contract without offering any facts to support that assertion. They did not provide the court with the Certificate of Completion or a simple supporting declaration explaining the process for electronically signing the agreement.
Court opinion: “Renovate did not provide any evidence from or about DocuSign in its petition, reply, or supplemental declaration. Indeed, the word “DocuSign” does not even appear in any of Renovate’s moving papers.”
Evidentiary RequirementsCase Spotlight
9Fundamentals of Electronic Signature Law
16 | DocuSign PUBLIC
The Certificate of Completion
Key pieces of evidence• Hash on envelope (Envelope ID)• Timestamps on access
and signature• IP addresses• Consent to electronic process• Advanced signer identification
details (if used)
17 | DocuSign PUBLIC CONFIDENTIAL
Weighing the Evidence
◼ 5/1/2016 8:41:12 PM EST
◼ IP: 192.156.22.122
◼ Additional ID proofing options:
– One-time password
– SMS or phone authentication
– Knowledge based authentication
– Federated / SSO authentication
– Digital certificate validation
10Fundamentals of Electronic Signature Law
18 | DocuSign PUBLIC18 | DocuSign PUBLIC
A digital signature is:
• A specific kind of electronic signature that uses PKI encryption to bind identity and signature
• Enables the signer to apply signature (using a private key)
• Encrypts the document once signature is applied (digital certificate)
• Digital signature more prevalent in EU market (industry-standard in civil law jurisdictions)
The EU and Electronic Signature vs. Digital Signature
Electronic Signature
Digital Signature
19 | DocuSign PUBLIC
eIDAS
Mandates adoption by all EU member states
Enforces pan-EU interoperability
Legitimizes cloud-based signatures by removing smartcard or special hardware requirements
Uses a “tiered” approach that distinguishes between different types of eSignatures, granting them different legal weight
(Electronic IDentification, Authentication and trust Services)
11Fundamentals of Electronic Signature Law
20 | DocuSign PUBLIC
Tiered Structure Approach Under eIDAS
Electronic Signature Basic signature in electronic form No particular technology required to identify the signatory Enables most business and consumer transactions
Electronic Signature Requires a digital certificate to identify signatory Links signatory identity to the signed document Signature record must be able to show evidence of tampering
Electronic Signature Requires a digital certificate from a qualified Trust Service Provider (TSP) Special EU legal status: equivalent to wet signature (heightened probative value) May be required by law (e.g., Germany)
Standard Advanced
Qualified
21 | DocuSign PUBLIC
Thank You
12Fundamentals of Electronic Signature Law