fundamentals of electronic signature law

Cosponsored by the Solo and Small Firm Section

Monday, November 9, 2020 Noon–1:15 p.m.

1.25 General CLE credits

Fundamentals of Electronic Signature Law

iiFundamentals of Electronic Signature Law

FUNDAMENTALS OF ELECTRONIC SIGNATURE LAW

SECTION PLANNERS

Kelly Doyle, Doyle Law, Oregon CityRob Hofmann, The Hofmann Legal Group, BendJorden Piraino, Oregon Legal Center, West Linn

Hertsel Shadian, Hertsel Shadian, Attorney at Law, LLC, PortlandArnold Wuhrman, The Wuhrman Law Firm, Lake Oswego

OREGON STATE BAR SOLO AND SMALL FIRM SECTION EXECUTIVE COMMITTEE

Jorden James Piraino, ChairJohn C. Koch, Chair-Elect

Hertsel Shadian, Past ChairArnold H. Wuhrman, Treasurer

Diane C. Cady, SecretaryStefyni Allen

Kelly Michael DoyleJulia Fraser

Andrew D. GinisC.J. Graves

Ekua A. HackmanDona Marie Hippert

Rob HofmannJames Mills

Scott D. SchnuckEllyn R. Stier

Caitlin M. Wong

The materials and forms in this manual are published by the Oregon State Bar exclusively for the use of attorneys. Neither the Oregon State Bar nor the contributors make either express or implied warranties in regard to the use of the materials and/or forms. Each attorney must depend on his or her own knowledge of the law and expertise in the use or modification of these materials.

Copyright © 2020OREGON STATE BAR

16037 SW Upper Boones Ferry RoadP.O. Box 231935

Tigard, OR 97281-1935

iiiFundamentals of Electronic Signature Law

Table of Contents

Schedule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v

Faculty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v

Presentation Slides: Electronic SIgnature Fundamentals . . . . . . . . . . . . . . . . . . . . . . . 1

ivFundamentals of Electronic Signature Law

vFundamentals of Electronic Signature Law

SCHEDULE

12:00 Fundamentals of Electronic Signature Law With the advent of the COVID-19 pandemic and social distancing restrictions, there is a swift move to electronic signing for documents of all sorts. Do we, as practitioners, really have a handle on when electronic signatures are considered legally valid and binding and what steps must be taken to make sure that electronic signatures are truly authentic? Learn from an expert, who discusses:F The legal framework with respect to electronic signatures in the United StatesF Key considerations when using electronic signatures in a particular situationF The legal framework with respect to electronic signatures in the European UnionDaniel Puterbaugh, Director of Product, IP & Regulatory Affairs, DocuSign, Inc., San Francisco

1:15 Adjourn

FACULTY

Daniel Puterbaugh, Director of Product, IP & Regulatory Affairs, DocuSign, Inc., San Francisco. Mr. Puterbaugh is an attorney with 20 years of experience in technology transactions and product support. He has expertise in drafting both custom and template agreements and with application and cloud service launches and updates. He is involved with regulatory groups such as eIDAS, Aadhaar, GDPR, My Number, and UK Gov Verify, and with laws that shape how organizations move forward. He holds a CIPP/US certification from the International Association of Privacy Professionals.

viFundamentals of Electronic Signature Law

1Fundamentals of Electronic Signature Law

0 | DocuSign PUBLICDocuSign RESTRICTIED CONFIDENTIAL

Electronic Signature Fundamentals

Dan PuterbaughDirector, Product, IP & Regulatory Affairs

November 9, 2020

1 | DocuSign PUBLIC

Agenda

◼US Electronic Signature Framework

◼Key Considerations

◼EU Electronic Signature Framework


2 | DocuSign PUBLIC CONFIDENTIAL

E-Signature Framework

▪ Uniform Law Commission proposed Uniform Act to reconcile inconsistent electronic signature state laws (1999)

▪ Quick, yet not fully consistent adoption• Adopted by 47 states, plus DC, Puerto Rico, and the Virgin Islands• NY, WA, and IL adopted alternative electronic signature laws

• WA recently repealed its state law; defers to ESIGN• California adopted UETA, but with some modifications

Uniform Electronic Transactions Act UETA



Electronic Signatures in Global and National Commerce Act ESIGN

▪ Effective Date: October 1, 2000

▪ Federal version of UETA, for transactions in or affecting interstate or foreign commerce

▪ Introduced consumer disclosure requirements

▪ Preempted nonconforming state laws




UETA ESIGN

▪ Both laws act as overlay statutes▪ Authorize replacing writings with electronic records▪ Authorize replacing ink signatures with electronic signatures▪ Require affirmative opt-in by parties (can be express or implied)

▪ Technology agnostic▪ Permissive, rather than proscriptive ▪ In contrast to global framework, simple, advanced and qualified


Five Principles of ESIGN / UETA

1

2

3

4

5

Record/signature may not be denied legal effect or enforceability solely because it is in electronic form

If a law requires a record to be in writing, an electronic record satisfies that law

If a law requires a signature, an electronic signature satisfies that law

If a law requires preservation/production of an “original,” the “original” requirement is satisfied by an electronic record

Electronic records can satisfy writing and original requirements so long as the electronic record:• Accurately reflects information in the record to be

produced after it was first generated in its final form• Remains accessible for later reference


6 | DocuSign PUBLIC

Scope of Statutes

Some Exceptions Some consumer notices e.g. foreclosure or utility service

termination

”Land and Family: Wills, codicils, testamentary trusts

Covered

Residential / commercial real estate transactions Commercial / consumer loans and leases Contracts / licenses

Sales / leasing of goods Insurance policies Most securities transactions Most tax documents Notarization / recording (generally)

7 | DocuSign PUBLIC

Definition of Electronic Signature under ESIGN / UETA

Includes:• Typed names• A click-through on a software program’s

dialog box combined with some other identification procedure

• Recorded voice • Biometric measurements • PIN• A digitized picture of a handwritten signature• Digital signature (discussed on next slide)

“Electronic signature” means: • an electronic sound, symbol, or process • attached to or logically associated with

a record• executed or adopted by a person with

the intent to sign the record



“Electronic record” means a record created, generated, sent, communicated, received or stored by electronic means

Critical to consider how the record of assent (the electronic signature) will be saved and recorded. Reliability of retention is critical.

Definition of Electronic Record under ESIGN and UETA

9 | DocuSign PUBLIC

Key Considerations

Authentication

Attribution of the e-signature to the correct person:

Is the signer who they say they are?

Compliance

Observance of rules & laws applicable to the underlying transaction

Life sciences and financial services sectors

Admissibility

Admitting the electronic record into evidence

Maintaining a record and best practices


10 | DocuSign PUBLIC

Authentication Legal sufficiency vs. attribution• UETA / ESIGN answer the question “Is it a signature?”• Does NOT answer the question “Is it your signature?”

Attribution must be proven (factual inquiry)• ESIGN/UETA require proof of attribution. Can be by any means, including surrounding circumstances or efficacy of agreed-upon security procedure

• Several practical means for authenticating a signer (e.g., SMS, Knowledge-Based Authentication (KBA), ID verification)

• Burden of proof is on person seeking to enforce signature (preponderance of evidence)

Case illustrations:• Mansour v. Kmart Corp., Inc., 2018 WL 3575062 (D. Md. July 2018)• Ruiz v. Moss Bros. Auto Group, 232 Cal. App. 4th 836 (Cal. App. 4th Dist. 2014)


Ruiz v. Moss Bros. Auto Group 232 Cal. App. 4th 836 (Cal. App. 4th Dist. 2014) Court refused to enforce an employer’s arbitration agreement, finding that the employer did not present sufficient evidence that the electronic signature on the arbitration agreement was “the act” of the employee. Authentication of an e-signature must be proven (just as with a paper signature) although the burden to do so is “not great.”

Authentication



ComplianceLaws governing the underlying transaction

– Assigning a Copyright with US Copyright office – Life Sciences – 21 CFR Part 11

– Signature level credentials; signing reason

Life Sciences and Financial Services– Specific requirements for record presentation form, time and

sequence

Unfair and deceptive acts and practices (UDAAP / UDAP)– General principles of unfair and deceptive practices have on

occasion been used to invalidate electronic contracts that otherwise might be effective.

Guiding principle: do no harm – use the electronic medium to enhance, not obscure, effective delivery


Admissibility Admissible under the FRE (Lorraine v. Markel American Ins. Co., 241 F.R.D. 534, 538 (D.Md. 2007))

Preserving evidence of data integrity, screen shots and process flows is essential–Identification to original transaction–Freedom from alteration (integrity question may impair ability to get evidence admitted)

–Adams v. Quicksilver case: employee signed various employment agreements; employer system allowed for post-execution revision/tampering

–Chain of custody audit trail (Certificate of Completion)

Design document management policies, systems with system & record protections in mind (such as developing backup procedures, audit logs & encryption methods to enable the demonstration that the records have not been tampered with, data deterioration procedures, system security safeguards)Case illustrations:

• Lorraine v. Markel American Ins. Co., 241 F.R.D. 534, 538 (D.Md. 2007) • In Re Vee Vinhnee, 336 B.R. 437 (9th Cir. BAP (Cal.) 2005) • Adams v. Superior Court [Adams v. Quicksilver, Inc.], no. G042012 (Cal. App. 4th Div. Feb. 22, 2010)

(unpublished)



Evidentiary Requirements

Evidence presented through affidavits or testimony must describe for the court:

An electronic signature process which:• Identifies the signer (unique username/password, email address, other authentication, IP address)• Produce evidence of the signer’s intent to sign (ESIGN Consent acceptance, signature tab)• Creates an audit log documenting all events (Certificate of Completion)

– Sends a copy of fully executed record to signer– Focus on record integrity (tamper-seal, system digital signature, hash)

Case illustrations:• IO Moonwalkers, Inc. v. Banc of Am. Merch. Servs., LLC 814 S.E.2d 583 (2018)• Alliant Credit Union v. Abrego, No. 76669-4, 2018 Wash. Appp. LEXIS 2964 (Ct. App. Dec. 31, 2018) • Fabian v. Renovate America, Inc. 255 Cal.Rptr.3d 695 (Cal.Ct.App.2019)• Harpham v. Big Moose Inspection, No. 321970, 2015 WL 5945842 (Mich. App. October 13, 2015)


Fabian v. Renovate America, Inc. 255 Cal.Rptr.3d 695 (Cal.Ct.App.2019)

Commercial dispute involving electronic signature on agreement to purchase solar power system.

Renovate offered little more than a bare statement that Fabian "entered into" the contract without offering any facts to support that assertion. They did not provide the court with the Certificate of Completion or a simple supporting declaration explaining the process for electronically signing the agreement.

Court opinion: “Renovate did not provide any evidence from or about DocuSign in its petition, reply, or supplemental declaration. Indeed, the word “DocuSign” does not even appear in any of Renovate’s moving papers.”

Evidentiary RequirementsCase Spotlight



The Certificate of Completion

Key pieces of evidence• Hash on envelope (Envelope ID)• Timestamps on access

and signature• IP addresses• Consent to electronic process• Advanced signer identification

details (if used)


Weighing the Evidence

◼ 5/1/2016 8:41:12 PM EST

◼ [email protected]

◼ IP: 192.156.22.122

◼ Additional ID proofing options:

– One-time password

– SMS or phone authentication

– Knowledge based authentication

– Federated / SSO authentication

– Digital certificate validation


18 | DocuSign PUBLIC18 | DocuSign PUBLIC

A digital signature is:

• A specific kind of electronic signature that uses PKI encryption to bind identity and signature

• Enables the signer to apply signature (using a private key)

• Encrypts the document once signature is applied (digital certificate)

• Digital signature more prevalent in EU market (industry-standard in civil law jurisdictions)

The EU and Electronic Signature vs. Digital Signature

Electronic Signature

Digital Signature


eIDAS

Mandates adoption by all EU member states

Enforces pan-EU interoperability

Legitimizes cloud-based signatures by removing smartcard or special hardware requirements

Uses a “tiered” approach that distinguishes between different types of eSignatures, granting them different legal weight

(Electronic IDentification, Authentication and trust Services)



Tiered Structure Approach Under eIDAS

Electronic Signature Basic signature in electronic form No particular technology required to identify the signatory Enables most business and consumer transactions

Electronic Signature Requires a digital certificate to identify signatory Links signatory identity to the signed document Signature record must be able to show evidence of tampering

Electronic Signature Requires a digital certificate from a qualified Trust Service Provider (TSP) Special EU legal status: equivalent to wet signature (heightened probative value) May be required by law (e.g., Germany)

Standard Advanced

Qualified


Thank You

fundamentals of electronic signature law

Documents