ESIGN 101 (For the Uninitiated and the “Old Hands”)

Or How to Use Electronic Records and Signatures to Grow Your Business

AICP Great Lakes Chapter Education Day

May 14, 2015

Margo H.K. Tank, Partner


Post on 19-Dec-2015



2

Disclaimer

© 2015 BuckleySandler LLP. All rights reserved. No copyright claimed on images licensed from others. No part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording or otherwise) without the express prior signed permission of the author. This presentation is for purposes of education and discussion. It is intended to be informational only and does not constitute legal advice regarding any specific situation, product or service.

3

The Statutes

• The state law solution – the Uniform Electronic Transactions Act (UETA)

• The Federal solution – the Electronic Signatures in Global and National Commerce Act (ESIGN)
  – Overlay statutes
  – Authorize replacing writings with electronic records
  – Authorize electronic signatures
  – Require affirmative “opt-in” by parties -- but opt-in may be shown by surrounding circumstances

• The Outliers – New York, Illinois, Washington State

• The Extra Outlier – California

• Statutes that are “Special” – UCC Articles 4A, 5, 8 and 9

• Regulators that are “Special” – SEC and IRS

4

The Whole Point of the Statutes

• A record or signature may not be denied legal effect or enforceability solely because it is in electronic form

• If a law requires a record to be in writing, an electronic record satisfies the law

• If a law requires a signature, an electronic signature satisfies the law

5

How It Works

Barwick v. Geico

• Geico issued an automobile insurance policy to an individual who applied for the policy over the Internet.

• As part of the application process, the applicant elected to waive medical benefits coverage, and electronically signed a statement rejecting the coverage.

• At the time of the application, Arkansas’ insurance law required that medical benefits coverage could only be rejected by a signed “writing.” However, Arkansas had also adopted the UETA prior to the date of application.

• Geico issued the policy without medical benefits coverage. The applicant later married the plaintiff, Barwick, who was driving the car covered by the Geico policy when he was struck by another vehicle, sustaining injuries. Barwick submitted medical bills for payment under the Geico policy. Geico rejected the claim.

Arkansas Supreme Court

• When sued by Barwick, Geico moved for summary judgment, pointing to the electronic waiver of coverage signed by the applicant. The applicant admitted signing the waiver.

• Barwick claimed the waiver was not effective because it was not signed “in writing”, as required by the insurance statute. The Arkansas Circuit Court rejected Barwick’s argument and granted summary judgment in favor of Geico.

• On appeal, the Arkansas Supreme Court affirmed. The Court held that the plain language of the Arkansas UETA authorized the use of electronic records and signatures to satisfy the writing requirement in the insurance statute.

6

The Scope of the Statutes

• Applies to the use of electronic records and signatures in virtually any business-to-business or consumer transaction, unless specifically excluded
  – UETA applies to state law
  – ESIGN applies to federal law and state law (subject to special preemption rule)
  – Parts of the UCC fill in the rules for Wire Transfers, Letters of Credit, Securities and Personal Property Security Agreements
  – SEC and IRS “roll their own”

• Covers (among many other things):
  – Insurance

7

The Scope of the Statutes

• What to stay away from:
  – Many “bad things are gonna happen” notices
  – Many “bad things have happened” notices
  – Unhappy family stuff (Divorce, Death)
  – Happy family stuff (adoption, testamentary trusts)
  – Hazardous waste (like you had to be told, right?)

8

Getting the Opt-In

• For business-to-business transactions, any old agreement to use electronic records and signatures will do (express, or implied from circumstances – like turning on your computer).

• For consumer transactions where the consumer is entitled to receive information “in writing” –
  – Under ESIGN (for federal requirements), and
  – Under UETA in 17 states (for state requirements):
    • Consumer must affirmatively consent
    • Other party must provide disclosures prior to consent in clear and conspicuous statement
    • Consent must “reasonably demonstrate” ability to receive documents

9

Getting the Opt-In: Part 2

• “Reasonable demonstration”
  – Consumer consent must
    • Be electronic or be confirmed electronically
    • Include a “reasonable demonstration” of consumer’s ability to access information in the electronic form(s) provided
  – Legislative history in ESIGN attempts to set standard
    • Test is not intended to “burden commerce”
    • Email confirming receipt of test files is sufficient
  – Failure to include “reasonable demonstration” in consent process may not be used as basis to invalidate contract

• “In person” consent/demonstrations can be tricky
  – The “Now”
    • Demonstration of ability to view – “they came, they saw, they clicked”
    • Demonstration of ability to retain – relying on self-reporting
  – The “Later”
    • What constitutes a “reasonable demonstration” of the ability to access the records after the consumer leaves the place of business?
    • What special risks are created by relying on self-reporting to establish a “reasonable demonstration” for future, off-site communications?
    • Are special state law requirements pre-empted?

10

The Key Definitions

• “Record” means information that is inscribed on a tangible medium, or that is stored in an electronic or other medium and is retrievable in perceivable form
  – All writings are records, but not all records are writings
  – “Electronic Record” is virtually any stored record that is not on paper

• “Electronic Signature” means an “electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record”

11

Electronic Signature

• Includes:
  – Traditional ink signatures
  – Typed names
  – A click-through on a software program’s dialog box combined with some other identification procedure
  – Biometric measurements
  – A digitized picture of a handwritten signature
  – A complex, encrypted authentication system
  – Electronic voice transmission
    • Recording may be required to establish proof (and possibly to meet the “attached or logically associated” standard)
    • Beware contract limitations on use of voice signatures

12

Electronic Signature: The Tricky Bits

• Legal sufficiency vs. attribution
  – UETA and ESIGN answer the question “is it a signature?”
  – Do NOT answer the question “is it your signature?”

• Attribution must be proven
  – May be proven by any means, including surrounding circumstances or efficacy of agreed-upon security procedure
  – Burden of proof is on person seeking to enforce signature

• Intent must also be established – watch out for:
  – Placement of the signature “call to action”
  – “Multi-signing” in consumer transactions

13

How It Works

Zulkiewski v. General American

• Dr. Zulkiewski took out a $250,000 life insurance policy from General American. Prior to the events in dispute, his mother was named as beneficiary on the policy.

• Dr. Zulkiewski married his second wife.

• General American permitted customers who enrolled in the company’s eServices to change beneficiaries online. To prove identity and enroll in the service, the applicant was required to enter the policy number, and the insured’s social security number, mother's maiden name, and an e-mail address. The applicant then chose a password and verified it. An email confirmation was sent to the insured.

• Someone enrolled in the eService as Dr. Zulkiewski, providing all the proper information, and then changed the policy beneficiary to the second wife, electronically signing the beneficiary change form. A further email alert was sent to the Doctor’s email address giving notice of the change. Shortly thereafter, Dr. Zulkiewski died.

• Dr. Zulkiewski’s mother sued to obtain the insurance proceeds, claiming that General American’s security procedure was insufficient to prevent an unauthorized signature on the change form, and arguing that before the change could be enforced General American had to prove that the form was signed by Dr. Zulkiewski. His mother argued that the second wife or a “person unknown” could have passed the security procedure and signed the change form.

• The wife filed an affidavit denying the allegations.

Court of Appeals of Michigan

The Marquette Circuit Court for the State of Michigan granted summary judgment for General American. On appeal, the Court of Appeals affirmed. The appellate court held:

• Under Michigan’s UETA, an electronic signature may be attributed to a person by any reasonable means.

• In the case at hand, the following undisputed facts were sufficient to establish attribution:
  – The aggregate information required to enroll in the eService would be known to only a few people;
  – General American provided follow-up alerts to the Doctor’s email address confirming the beneficiary change, and
  – The Doctor’s widow presented an affidavit denying any involvement in the beneficiary change.

• The court observed that the Doctor’s mother had offered no evidence that the widow or another person had signed the change form, but just “conjecture” that such a thing might have happened. The court held that idle conjecture was not enough to overcome the facts supporting attribution.

14

How It Doesn’t Work

Adams v. Quicksilver, Inc.

• Adams filed suit against Quicksilver for wrongful termination. Quicksilver filed a motion to compel arbitration, based upon an arbitration agreement Adams allegedly signed electronically at the time she applied for employment. The agreement was sent to Adams via a hyperlink in an email – no password or other credential was required to access the form – just the hyperlink.

• The agreement included at least two places where Adams was to add an electronic signature by typing her name into a blank field. The second signature block was at the end of the form, after provisions in the agreement calling for mandatory arbitration of disputes. Quicksilver produced a copy of the agreement that had been stored on the system of its vendor and contained Adams’s full name (including middle name) typed on the signature line after the arbitration agreement. The system used by Quicksilver provided no audit trail for the signing process, so it could not be determined when the record was signed.

• Adams argued that she had not signed the agreement. She admitted filling out other blanks in the agreement and saving/submitting it back to Quicksilver, but claimed that she had not seen the arbitration provisions or the signature block at the end of the agreement. She pointed out that her full name was typed in the signature block, and that she always omitted her middle name when signing. Several other examples of her signature were provided to the court that did not include her middle name.

• The vendor’s system did not protect the signed record against post-execution alteration, and the post-execution audit trail maintained by the vendor showed that two Quicksilver employees had accessed the record after it was first saved and submitted for storage.

Court of Appeals of California

• The district court granted the motion to compel, and Adams appealed. The California appellate court reversed, referencing the attribution rules in California’s UETA and concluding that attribution had not been established by a preponderance of the evidence.

• In deciding that the electronic signature could not be attributed to Adams, the court cited several specific facts:
  – Adams did not have to use a password or other credential to access the record
  – There was no audit trail for the signature process
  – The record was not protected against undetected post-signature alteration
  – At least two Quicksilver employees had accessed the signed record after it was saved and submitted by Adams

15

Electronic Retention of Records: ESIGN & UETA

• ESIGN and UETA allow copies of contracts and state and federal disclosures to be retained electronically so long as the contract or other record:
  – Accurately reflects the information set forth in the contract or other record
  – Remains accessible to all persons who are entitled to access by statute, regulation, or rule of law, for the period required by such statute, regulation, or rule of law in a form that is capable of being accurately reproduced for later reference, whether by transmission, printing, or otherwise

• Electronic records meeting this test can satisfy “original” requirements

• Consequences for failure to retain appropriately
  – Impaired enforceability
  – May not satisfy regulatory writing, delivery or signing requirements
  – May not be admissible in court

16

Record Retention

• Challenges:
  – Document integrity
    • Contents sent are same as contents received;
    • Record management system has ability to prevent unauthorized modifications or changes to stored records.
  – Content prints/stores accurately.
  – Content will need to migrate due to technology advances.

17

Admissibility/Reliability

• Courts evaluating the integrity of an electronic record may be expected to focus on system protections –
  – Access controls
  – Encryption of executed documents to prevent undetected alteration
  – Activity logs
  – Security of copies stored offsite to verify content
  – Conversion to paper
  – Data Migration
  – Evidence (preserving evidence of data integrity, versions, screen shots, and process flows is essential to winning the case; See Bar-Ayal v. Time Warner)
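
The system protections listed above, and the gaps the court cited in Adams v. Quicksilver (no audit trail for the signing process, no protection against undetected post-signature alteration), sketched as an added example that is not part of the original presentation: a hash-chained activity log plus a keyed hash (HMAC, used here in place of encryption) that seals the executed document. All function names, the key and the sample events are constructed assumptions.

```python
import hashlib, hmac, json

SEAL_KEY = b"constructed-demo-key"  # assumption: real systems keep this in an HSM/KMS
GENESIS = "0" * 64

def _entry_hash(prev, body):
    return hashlib.sha256((prev + json.dumps(body, sort_keys=True)).encode()).hexdigest()

def append_event(trail, actor, action, ts):
    """Append an audit event chained to the previous entry's hash."""
    prev = trail[-1]["hash"] if trail else GENESIS
    body = {"actor": actor, "action": action, "ts": ts}
    trail.append({**body, "prev": prev, "hash": _entry_hash(prev, body)})

def _mac(doc_sha, head, n):
    return hmac.new(SEAL_KEY, f"{doc_sha}|{head}|{n}".encode(), hashlib.sha256).hexdigest()

def seal_record(document, trail):
    """Bind the executed document to the signing-process trail at execution time."""
    doc_sha = hashlib.sha256(document).hexdigest()
    n = len(trail)
    return {"sealed_len": n, "mac": _mac(doc_sha, trail[-1]["hash"], n)}

def verify_record(document, trail, seal):
    """Return integrity findings; an empty list means the record verifies."""
    findings, prev = [], GENESIS
    for i, e in enumerate(trail):
        body = {k: e[k] for k in ("actor", "action", "ts")}
        if e["prev"] != prev or e["hash"] != _entry_hash(prev, body):
            findings.append(f"audit entry {i} altered or out of sequence")
        prev = e["hash"]
    n = seal["sealed_len"]
    head = trail[n - 1]["hash"] if 0 < n <= len(trail) else ""
    doc_sha = hashlib.sha256(document).hexdigest()
    if not hmac.compare_digest(_mac(doc_sha, head, n), seal["mac"]):
        findings.append("document or signing trail changed after execution")
    return findings

def demo():
    """Constructed sample: a signing session, then post-execution access."""
    doc = b"Arbitration agreement v1 (constructed sample text)"
    trail = []
    append_event(trail, "applicant", "authenticated with credential", "2015-05-14T10:00:00Z")
    append_event(trail, "applicant", "viewed arbitration clause", "2015-05-14T10:02:00Z")
    append_event(trail, "applicant", "typed name in signature block", "2015-05-14T10:03:00Z")
    seal = seal_record(doc, trail)
    append_event(trail, "employee-1", "opened stored record", "2015-05-15T09:00:00Z")
    return doc, trail, seal
```

Events appended after sealing are chained but not covered by the seal, so detecting their removal requires anchoring the latest chain hash somewhere outside the record system.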

18

ESIGN §104 Retention Performance Standards

• Federal and State regulators can establish record retention performance standards for:
  – Accuracy
  – Record Integrity
  – Accessibility

• Performance standards should generally be technology neutral

• Performance standards can impose greater costs or impose higher burdens on eRecords over paper records if the requirement:
  – Serves an important government objective; and
  – Is substantially related to achieving that objective

19

ESIGN §104 Paper Requirements

• Federal and State agencies cannot impose or reimpose a requirement that a record be in tangible printed or paper form

• Unless
  – Compelling government interest relating to law enforcement or national security; and
  – The requirement is essential to attaining such interest.

20

Controlling Risks with SPeRS

What is it?

• SPeRS (Standards and Procedures for Electronic Records and Signatures)
  – www.spers.org

• A cross-industry initiative to establish commonly understood “rules of the road” available to all parties seeking to take advantage of the powers conferred by ESIGN and UETA.

• Founded on the proposition that much of the time and effort being invested by companies “re-inventing the wheel” could be avoided if cross-industry standards for these elements of electronic transactions could be established.

• Focused on the behavioral and legal aspects of the interaction between parties to the transaction, not on technology. SPeRS is intended to be technology neutral.

• Standards are not necessarily legal minimums, but implementing the standards should enhance reliability and sufficiency.

21

The SPeRS Structure

• SPeRS is divided into five sections:
  – Authentication
  – Consent
  – Agreements, Notices and Disclosures
  – Electronic Signatures
  – Record Retention

• Each section is composed of an Introduction and Outline and a series of Standards with supporting materials.

22

Questions or for SPeRS

Margo H.K. Tank

BuckleySandler LLP

1250 24th Street, NW

Suite 700

Washington, DC 20037

202.349.8050

[email protected]