1 / 48

Electronic Transactions & Filing: Legal Issues

Electronic Transactions & Filing: Legal Issues. R. Justin Smith. Department of Justice Environment and Natural Resources (202) 514-9369 justin.smith@usdoj.gov 10/30/2000. Overview. 2 major statutes: GPEA requires agencies to provide for e-filing/e-txn “when practicable”

prince
Download Presentation

Electronic Transactions & Filing: Legal Issues

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Electronic Transactions & Filing: Legal Issues R. Justin Smith. Department of Justice Environment and Natural Resources (202) 514-9369 justin.smith@usdoj.gov 10/30/2000

  2. Overview • 2 major statutes: • GPEA requires agencies to provide for e-filing/e-txn “when practicable” • E-SIGN limits government ability to set the form of documentation in transactions between private parties • Why do e-txns/e-filing raise legal issues? • Key legal issues • What are some other (non-legal) issues?

  3. GPEA: Government Paperwork Elimination ActPub.L. No. 105-277, sections 1701-1710 (1998) • GPEA requires federal agencies to provide for -- • e-filing/submissions • e-records • e-signatures • by 10/21/2003 “when practicable” • Envisions widespread use of Internet by agencies to transact business with each other, with commercial enterprises, and with the general public • Must also mean keeping agency records electronically

  4. GPEA -- Cont’d • Electronic signatures and records in accordance with GPEA procedures “shall not be denied legal effect” • The OMB Guidance (issued 4/00) • Requires implementation schedule by 10/00 to have optional electronic substitutes for paper process in place by end of FY03 • DOJ has issued guidance on legal issues. Available at cybercrime.gov website.

  5. E-SIGN: Electronic Signatures In Global and National Commerce Act15 U.S.C. 7001 etseq. • Permits (but does not require) parties to use electronic signatures and records in their transactions • Electronic sigs/records “shall not be denied legal effect” solely because in electronic form • Agencies have limited ability to impose requirements regarding: • Form of transactions between private parties • Record retention

  6. E-SIGN (continued) • What are the Government’s and the public’s risks and liabilities in “private-party” transactions? Consider: • Drug prescriptions, Government-secured loans • Importance of regulating record retention • Consult OMB guidance on interpretation. Also at cybercrime.gov.

  7. Why consider legal issues in developing E-systems? • Ability to maintain public trust depends in part on having reliable and legally adequate records of transactions • Documents and records have legal effect • Provide basis for agency decisions • Provide basis for individual claims/relief • Records are evidence of agency action • Agency records are important for litigation

  8. Litigation needs should be a consideration in e-system development • Why are litigation needs important when only a tiny percentage of agency transactions are involved in law suits? • Litigation establishes legal rights • Single win may set binding precedent or validate and agency’s interpretation of statute • Single loss can have serious impact on an entire agency program

  9. What are the 4 kinds of legal issues raised? • 1. Availability • 2. Legal sufficiency • 3. Reliability and persuasiveness • 4. Liabilities (Responsibilities)

  10. Issue #1 – Availability of Information • Availability is essential for any use. Will the information be: • Collected? • Retained? • Accessible?

  11. Will the electronic process collect all necessary information? Consider all types of information: • Processing records – e.g., Who sent it? Has it been altered? • Content, including all parts of transaction. • Identity of the parties – e.g, who signed it? • Intent – e.g., certified to be true?

  12. Will the electronic process retain the information? Consider: • Storage medium • Unauthorized access • Corruption over time • How long will it be retained?

  13. Issue #2 - Legal Sufficiency: Will electronic sigs/records be legally enforceable? • Risk that courts will give “signature” and “writing” their traditional meanings • Contracting laws often require signed writings • Other laws too, such as “written consent” • GPEA/ESIGN: e-sigs will not be denied effectiveness • Double negative not necessarily a positive • What about signatures not in accord with GPEA procedures?

  14. Issue #2 - Legal Sufficiency- continuedWhat characteristics help make e-signatures and e-documents legally effective? • Identify the “parties” to the instrument and the individuals who “sign” for those parties • Identify the date and circumstances of the signing • Provide evidence of intent to bind • Satisfy concerns about reliability, non-alteration, false repudiation • Satisfy the “ceremonial” aspect of “signing”

  15. Issue #3 – Reliability and Persuasiveness: Will electronic sigs/records persuade a court? • Will the material be meaningful/understandable? Context must be preserved • Paper forms vs. e-forms • Electronic vulnerabilities • To tampering • To electromagnetic forces • To buggy software

  16. Issue #3 Cont’d - Persuasiveness • Who do you need to persuade? • Jury, Private party, Boss, Congress, etc. • How to prove I.D. w/o signatures? • People may feel that e-signature systems are unfamiliar, complex, vulnerable, easily fabricated, and error-prone • Many e-sig systems could require an expert • Not just technology; process controls too

  17. Issue #4 - Liabilities (Responsibilities) Agencies must address statutory responsibilities in designing new e-systems • FOIA (& state equivalents) • Privacy Act (& state equivalents) • Rehabilitation Act, ADA, and related laws • Records laws • Discovery obligations

  18. Electronic Processes & Corporate Self-Reporting • Corporate self-reporting is fundamental to many regulatory schemes • Self-reporting is desirable because: • it produces data essential for enforcing the law • it does so at very low cost to businesses and governments • it induces companies to monitor and correct their own compliance problems

  19. Criminal Enforcement and Self-Reporting • The threat of criminal enforcement is very important to self-reporting systems • Regulated entities must know that compliance is the norm • There are substantial temptations to falsify • Criminal penalties usually deter far better than civil penalties

  20. Potential Problems with Electronic Self-Reporting • Close attention to a large number of details is needed • The details are like links in a chain: each is essential. To make matters worse: • Burden of proof in a criminal proceeding • Unfamiliarity to courts and juries • Defense attorneys will be highly attentive • One failure can trigger additional litigation

  21. Defenses to Watch For • The intentional compromise defense • “Oops, I put my password on a post-it.” • Consider requiring signors to affirm when they sign that they have followed security rules. • The delegation defense • “Oh, I told my subordinate A to go online and submit that. Or was it B?” • Make very clear at signature that only authorized persons may sign

  22. Defenses (continued) • The “hacker defense” • “It must have been one of those hackers.” • Technical means may be able to help secure signatures. • Automatic acknowledgments help preclude this defense.

  23. Designing for Enforcement • Consider and address the distinctive features of electronic processes • Design a robust system • Better to start off right; errors may be unrecoverable • Can eliminate redundant controls later • Consider periodic wet signatures • Again, might eventually be eliminated

  24. Design For Enforcement (ctd.) • Minimize damage in the event of failures • PKI systems can help compartmentalize losses • Involve a wide range of parties early in the design process: • enforcement personnel, general counsels, inspectors general, technical experts, etc • Mock cases, “tiger teams” • Share information with other agencies • Consider joining forces with others

  25. Special Issues • Electronic record retention. Is information accessible? Has it been altered? • Decentralized software design • Manifest handling a possible example • Each firm will need to consider the key issues I have outlined • But will they have proper incentives? • Can we meet the reasonable-doubt standard? • Will systems interoperate correctly?

  26. Where can I get more information? • DOJ has E-Commerce Working Group with attorneys from many components • ECWG has a subgroup analyzing legal issues related to electronic filing/record keeping • Web: www. /cybercrime.gov /ecommerce.html, …/gpea.htm • Agency General Counsel, IG • Others (e.g., OMB, FPKI, ECWG) have experts

  27. E-Commerce Contacts at DOJ • Justin Smith -- ECWG member (Environment Division) 202-514-9369; Justin.Smith@USDOJ.gov • David Gottesman – ECWG member (Civil Division) 202-307-0183; David.Gottesman@USDOJ.gov • David Goldstone - ECWG Co-chair (Criminal Division) 202-616-1713; David.Goldstone@USDOJ.gov • Tony Whitledge - E-Filing subgroup chair (Tax Division) 202-514-2832; tony.whitledge@USDOJ.gov

  28. APPENDIXPractical Guidance GeneralGuidelines --A Twelve Step program

  29. Consider first whether each agency txn or function • Should be converted to an electronic process • If so, how should that process be designed • Apply the twelve steps to assess the legal risks involved in those decisions

  30. Step 1 • 1. Conduct an analysis of the nature of a transaction or process to determine the level of protection needed and the level of risk that can be tolerated • Consider txns that have greatest risk: • Transactions that have legal significance • Transactions with the public/newcomers • Processes that are historically susceptible to fraud or litigation

  31. Step 1 -- Cont’d • Catalog information that needs the greatest level of protection: • Instruments reflecting rights and obligations • Information used in litigation, especially criminal proceedings • Legally protected data (i.e., Privacy Act protected info) or other sensitive data

  32. Steps 2 & 3 • 2. Consider potential costs, quantifiable and unquantifiable, direct and indirect, in performing a cost/benefit analysis • 3. Use available sources of expertise inside and outside your agency, including the OMB guidance, DOJ guidance • Conform procedures to guidance

  33. Step 4 • 4. Consider developing a comprehensive plan to convert traditional processes to electronic ones, especially if converting means re-engineering existing processes • New process should be at least as reliable as, and fulfill same function as paper systems they replace • Involve all interested parties -- record managers, IG, counsel, FOIA/Privacy Act officers, etc., in design phase to ensure all legal requirements considered and met

  34. Steps 5 & 6 • 5. Consider the kinds of information relevant to the process; ensure that necessary information is gathered • And what about e-mail? • 6. Consider using a “terms and conditions” agreement

  35. Step 7 • 7. Incorporate a long-term retention and access policy for electronic processes • Ensure availability over time of records that may be needed for litigation or long-term agency use

  36. Step 8 • 8. Be aware of legal concerns that implicate effectiveness of or impose restrictions on electronic data or records • Do statutes and regulations need to be changed: • To allow for electronic submissions (under GPEA)? • To require private parties to file materials in certain formats (under E-SIGN) ? • Do statutes or regs impose requirements that are difficult or impossible to meet in an electronic-based system?

  37. Steps 9 & 10 • 9. Develop processes that can form the basis of admissible and persuasive evidence • 10. Analyze the full range of technological options and follow commercial trends cautiously

  38. Steps 11 & 12 • 11. Consider the unique legal risks presented by outsourcing an agency’s data management functions • contractual requirements to ensure availability, reliability, and that all legal requirements are met • 12. Retain extrinsic proof in important or sensitive contexts.

  39. PracticalGuidanceSpecificGuidelines

  40. General Information to Gather, Retain and Have Available • Ensure electronic process collects and keeps-- • Date and time communication sent & received • Identity of the specific persons sending and receiving communication • Intent of sender (e.g., a “banner”) • Complete contents, context & proof info was not altered • Means of showing all relevant communications • Means to distinguish final from drafts

  41. Particular Types of Transactions • Design electronic process to establish specific information for particular types of transactions • Contracts and related transactions • Regulatory and reporting programs • Benefit programs

  42. Consider the 4 categories of important data separately • For each category, the integrity and chain of custody should be available, persuasive, legally effective, admissible, and not create liability • 1. Content - the “substance” of the filing • 2. Process - Transmission logs and audit trails • 3. Identities - the person(s) responsible • 4. Intent - what were they thinking?

  43. Retention and Availability • Ensure that important electronic records are-- • Retrievable in a form that can be viewed or printed in a “user-friendly” form; • Provide means to store an retrieve non-documentary information (e.g., an audio file attached to an e-mail) • Appropriately indexed in a manner that allows compilation of all relevant documents into a usable “file”

  44. Retention and Availability • Retained and retrievable for the same length of time as comparable paper-based records • Fully retrievable, printable and adequately indexed even if the agency later modifies its electronic system (hardware or software)

  45. Retention and Availability • Accessible, even if the electronic document originally was encrypted or restricted by a password. • Capable of being promptly located, retrieved, printed and interpreted by immediately available personnel.

  46. How can these issues be addressed? • Pro-actively • E-filing & record keeping should be done right! • Many steps can be taken to improve a process • Understanding the issues is the first step • Consider using “tiger teams” to test new electronic processes and anticipate flaws and defenses

More Related