Chapter 30
Electronic Signatures
By Eric Aaserud
Vice President, Fedmarket.com
The last four chapters were devoted to the related subjects of women-owned, minority-owned, HUBZone and small business contracting. We're shifting now into electronic procurement -- or e-procurement -- a topic that seems to grow increasingly important by the day.
Over the next few chapters, we'll break down the general topic of e-procurement into the following sub-topics:
• Electronic Signatures
• Government Purchase Cards
• Electronic Marketplaces
• Reverse Auctions
• FACNET
We begin with electronic signatures because they are an e-procurement cornerstone. The country's various electronic signature laws have helped make e-procurement possible. Any vendor involved in e-procurement will be operating under the blessing of one or more electronic signature laws.
Government e-Procurement Push
To compete for government business, vendors are finding themselves involved in e-procurement. More and more, they're finding that at least some sales activities must be conducted online. Examples of online activity include responding to RFPs, displaying catalogs, and even executing contracts.
At the federal level, the primary source behind this e-procurement push is Section 30 of the Office of Federal Procurement Policy (OFPP) Act, which requires that a federal procurement organization "establish, maintain, and use, to the maximum extent that is practicable and cost-effective, procedures and processes that employ electronic commerce in the conduct and administration of its procurement system."
In line with this law, traditional Federal Acquisition Regulation (FAR) definitions have been expanded to include the use of e-commerce and electronic signatures. For example, "contract" includes "all types of commitments that obligate the Government to an expenditure of appropriated funds and that, except as otherwise authorized, are in writing." The FAR also makes it clear that "in writing," "writing" and "written" refer to "any worded or numbered expression that can be read, reproduced, and later communicated, and includes electronically transmitted and stored information." Furthermore, the FAR states that electronic commerce "may be used to issue RFPs and to receive proposals, modifications, and revisions," and that an "electronic signature may be used in the production of purchase orders by automated methods." Under the authority of these legislative and regulatory changes, agencies are moving their procurement activities online, forcing vendors to follow.
"Electronic" vs. "Digital" Signatures
To encourage the use of e-commerce, the federal government wanted to make it clear that e-signatures are valid in executing contracts. What do we mean by e-signatures? Let's consider two important definitions:
"Electronic signature" is a general term that refers to signatures created using a variety of possible cryptographic methods. Signatures often are accomplished through the use of username and passwords, or PIN numbers. "Electronic" signatures are less secure than "digital" in terms of user authentication.
"Digital signature" is a more specific term (and a subset of "electronic signature") that refers to signatures created with public key cryptosystems. Signatures are accomplished through Public Key Infrastructure (PKI). With digital signatures there is true authentication that the person signing is who he says he is.
The primary federal and state laws in this area, ESIGN and UETA, are based on the looser "electronic signature" requirement.
Electronic Signature Laws
Federal law: Electronic Signatures in Global and National Commerce Act (ESIGN)
The Electronic Signatures in Global and National Commerce Act (ESIGN) expressly authorizes the use of electronic signatures, notarizations, acknowledgments and verifications, and electronic records. Under the act, no contract, signature or record can be denied legal effect solely because it's in electronic form.
establish binding contracts. ESIGN also states that a person cannot be required to agree to use or accept electronic records or electronic signatures.
Federal agencies, however, are the glaring exception to this rule. Section 101(b)(2) states that the act does not obligate any person "other than a governmental agency with respect to a record other than a contract to which it is a party."
There are two competing interpretations of this important provision. The Office of Management and Budget's position on section 101(b)(2) is that it applies broadly to an entire transaction involving a government contract, including all records relating to the contract. Under OMB's interpretation, federal contracting officers can disallow all electronic responses.1
A second interpretation holds that section 101(b)(2) does not apply to documents in the procurement process that come before the actual contract (e.g., contractor requests for clarification, statements of interest, and proposals).2 Federal contracting officers under this interpretation could not, for example, exclude an offeror from consideration solely on the grounds that it submitted its proposal electronically. This second interpretation seems more logical in light of the plain language of the statute. The issue, however, has yet to be decided by a federal court. In practice, many federal agencies still insist on receiving paper responses to solicitations, and, until a court says otherwise, contracting officers can point to OMB's position for support.
But under this interpretation, wouldn't it be asking too much of federal agencies to force them to accept electronic signatures? What about competing standards? What about an offeror who wants to use second-rate or even ineffective e-signature software in submitting its proposal? ESIGN has built-in protections designed to address such problems. The act provides that an electronic record may be denied validity if it does not remain accurate and accessible to all persons entitled to the record.3 It also allows agencies to impose performance standards to ensure record integrity, accuracy and accessibility.4
As a vendor, when would it make sense for you to insist on an electronic response when the solicitation calls for paper? When your interest in statutory interpretation outweighs your interest in winning government business. In other words, probably never.
State laws: two approaches
The states have adopted two general approaches in authorizing the use of electronic signatures: (1) only digital signatures satisfy signature requirements (Utah approach); and (2) electronic signatures satisfy legal signature requirements (UETA approach).
1) Utah approach
States following the first approach authorize the use of only digital signatures, ignoring the more general category of electronic signatures. Utah was the first state to adopt such legislation, sometimes referred to as "long statutes." Long statutes recognize digital signatures as legally binding but go beyond that by giving digital records evidentiary weight, adopting a specific technology (usually an asymmetric cryptosystem), allocating liability, and giving a state's Secretary of State (or other public entity) extensive regulatory powers.
2) Uniform Electronic Transactions Act (UETA) approach
The second approach is more in line with traditional contract law, under which a variety of methods can qualify as a signature. (Examples of valid signatures over the years include names on telegrams, typed names, names on letterhead, and faxed signatures.)
States following this approach separate the issue of signature from the issues of security, proof and evidence. These states have adopted, in whole or in part, the Uniform Electronic Transactions Act (UETA), which is similar to the federal act, ESIGN. As of July 18, 2001, 37 states had passed various versions of the UETA.
Practical Effect
When joining government-backed e-procurement systems, you may find yourself operating under one or both of these approaches.
Systems operating under the Utah approach will be more secure. On the other hand, such systems may require that you install and learn to use PKI software.
While systems operating under the UETA approach will be less secure, the benefit is that you won't have to hassle with PKI software. Basically, you'll just have to register with the system (acknowledging, among other things, that you have agent authority to represent your company), choose a username and password, and then enter your username and password each time you use the system.
Let's take a look at systems operating under these two approaches:
The NASA Electronic Procurement Pilot, known as EPRO, relies on two digital software programs. Vendors responding to solicitations build documents and bundle them together within one program. They then sign cover sheets with a digital signature using another program.
The problem is that it takes time to deploy these tools and explain how to use them. Officials are debating a possible move toward a more liberal electronic signature approach, one that has been coined "Reverse EPS." (EPS refers to Electronic Posting System, which is the backbone of the federal government's primary contracting opportunity site, FedBizOpps.gov.)
Reverse EPS would help get around the deployment problem. Offerors would log onto a secure NASA server then upload all files associated with the procurement action, such as proposal response or contract execution. The signature event would be a combination of logging in and submitting the documents while logged in. There'd be no extra software to use.
The main concern with this approach is lack of authentication. (Misused usernames/passwords; is the signatory the person he says he is? etc.) Although such a system likely would be on solid legal footing (i.e., ESIGN), agency officials could, in the end, decide they're not comfortable with one that lacks PKI security.
2) eMaryland Marketplace--electronic signature approach
The state of Maryland launched eMaryland Marketplace on March 8, 2000, just before adopting the UETA. Currently 1,800 vendors participate.
Using eMaryland, vendors register and sign an authorization agreement. Users "sign" documents by logging in and submitting them to the system. There are no PKI software installation requirements.
It seems that eMaryland officials want to move virtually all state procurement activity through the system. Plans for the near future include moving major construction projects (those over $100,000) online (including bonding management and submission of costing sheets).
The state's adoption of the UETA, and its resulting reliance on electronic (as opposed to digital) signatures, makes rapid deployment possible.
Between EPRO and eMaryland, which approach is better?
We come down on the side of eMaryland. We believe that, in general, the lower costs and rapid deployment associated with electronic signatures outweigh the security benefits of digital signatures.
Electronic signatures do not radically alter the legal landscape. Signature requirements aren't exactly stringent under traditional contract law. Over the years, courts have deemed a variety of methods valid in establishing signatures: names on telegrams, typed names, names on letterhead, and faxed signatures, for example. Under the Uniform Commercial Code "any symbol executed or adopted by a party with present intention to authenticate a writing" is a valid signature.
Courts have always had to deal with such issues as forgery. They can handle more modern authentication problems such as misused passwords.
Conclusion
We hope that this chapter has helped you sort through some of the legal underpinnings of the e-procurement systems you've joined or will be joining soon. (In chapter 32, we'll take a close look at some of the major systems.)
Beyond that we wanted to let you know that you may be required to install, learn to use, and, in some cases, pay licensing fees for PKI software. It appears that the trend is in the opposite direction, however, with the widespread adoption of the UETA at the state level, and the development of electronic signature-based systems such as eMaryland Marketplace.
That is our hope, anyway.
Resources
eMaryland Marketplace
http://www.emarylandmarketplace.com
"The Fundamental Legal Issues Raised by e-Commerce"
http://profs.lp.findlaw.com/signatures/signature_1.html
"Comparison of E-Sign and Pure UETA"
Federal Digital Signature Standard (DSS), FIPS PUB 186-2
http://csrc.nist.gov/publications/fips/fips186-2/fips186-2.pdf
_____________________
End notes:
1 OMB Memorandum for the Heads of Departments and Agencies, Jacob J. Lew, Director, September 25, 2000.
2 Samelson and Bedwell-Cole, “Will ESIGN Affect Government Contracting Practices?” Contract Management, November 2000.
3 15 U.S.C. § 7001(d).
4 15 U.S.C. § 7004.