Legal Considerations of Digital Document Storage and E-Signature Authority for Paving the Last Mile...

Legal Considerations of Digital Document Storage and E-Signature

Authority for Paving the Last Mile of the Road to a “Paper on Demand” Court

Jeffrey N. Barlow, JD, MBA, PMP, Justice Systems Consultant

Bonus: Cost Savings

• E-Signatures reduce the cost of capturing a signature– Judges can sign more rapidly– Signature can be collected from many locations

• Paper reductions and associated costs• E-Signature is often the last mile to a

fully paper-on-demand court. POD will provide:– Dramatic staff cost reductions– Process automation (workflow)– Public access to and sale of records

Related Topics

• “Official” document• Retention requirements• Confidentiality• Privacy• Delivery • Security• Access• Migration planning• Conversion of legacy documents• E-Filing

• Is it Legal?

• Is it Safe?

• Is it Proven?

Session Agenda

Moving Beyond Wet Signatures and Raised Seals in Court Operations

Is It Legal?

Legal Foundation for Electronic Signatures

• “…[I]t is arguable that an electronic signature qualifies as a signature without any legislative assistance.”

John Gregory article

• Almost all jurisdictions have enacted legislation anyway– To create certainty of acceptance– Symbolic importance of signatures

What Is A Signature?

• Establish the Identity of the Signatory

• Establish the Signatory’s Intention to make a signature

• Establish that the Signatory Adopts the Contents

• Validate official action• Protect consumers

• Provide Solemnity through the Ceremony of signing

Primary Purpose

Secondary Purpose

Tertiary Purpose

•“Too Few Definitions” (Professor Chris Reed)•Anything that the signatory intends to have act as binding him or herself to the contents.•At Common Law, no particular form required

What Is An Electronic Signature?

“Electronic signature" means an electronic sound, symbol, or process attached to or logically associated with a document and executed or adopted by a person with the intent to sign the document.

From the Model Laws and their derivatives

Jurisdictional Overview

• International• European Union• Canada• United States

– Federal/National– States

International

• UNCITRAL – Model Law on Electronic Commerce (MLEC)– Model Law on Electronic Signatures (MLES)

• European Union Directive: Advanced Electronic Signatures

• Canada– Uniform Electronic Commerce Act – Personal Information Protection and Electronic

Documents Act (2000, c. 5)– Secure Electronic Signature Regulations (SOR/2005-30)

(Enabling Statute: Canada Evidence Act (R.S., 1985, c. C-5))

US Federal/National

• Legislation– Uniform Electronic Transactions Act (UETA)– Electronic Signatures in Global and National

Commerce (E-SIGN) Act

• Standards– Department of Defense 5015.2 Standard– FIPS Publication 1863, Specifications for

the Digital Signature Standards

• American Bar Association Digital Signature Guidelines

Oregon

• ORS Chapter 84 (UETA)• ORS 184.473-477 – Information

Technology Mgmt• ORS 1.002 – Chief Justice

Authority to Make Rules Regarding Electronic Documents

• ORS Chapter 192 – Records• OAR 125-600 – Identity

Authentication/Electronic Signatures

• Chief Justice Orders• UTCR 21 – Filing and Service By

Electronic Means• Oregon Judicial Dept. Record

Retention Rules• Oregon Community of Practice

– Guidelines for Managing Electronic Records

• MCL 450.831-450.849 (UETA)

• MCL 55.287 (Notaries Public)

• MCL 565.232 (Official Seals)

• Records Reproduction Act• S Ct Administrative Orders

– 2007-24: Adopts many federal rules regarding retention of electrically stored information

– Series of orders permitting pilot programs

• Michigan Court Rules Chapter 8: Michigan Courts Records and Information Management Manual

Michigan

Levels of Authority

• Statutes• Case Law• Regulations/Administrative Rules• Agency/Court Rules• General Orders• Agency/Court Policies• Agency/Court Procedures• Audit Processes

How to Establish the Legal Foundation

• Start at the top (Constitution, Statutes) and work down

• Look for disconnects between levels• For the level at which the disconnect

occurs– Determine what the disconnect is– Determine who should decide what changes to

the level should be– Determine what effect making the required

change would have on the lower levels

Legal Authorities - Summary

• E-Signatures are legal and enforceable, even In the absence of statutory authority

• Legislation, rules, and practices surrounding use of e-signatures are uniformly intended to facilitate and insure the efficacy of e-signatures

• The Model Laws have been so widely adopted, and in use for so long, that the issue of acceptability is rarely (maybe never)raised

• Statutory clarifications, rules, court orders, etc. are often promulgated, even where their main purpose is to provide additional comfort level rather to overcome any explicit restrictions

Is It Safe?

Records Management – Basic Principles

To Be Considered Trustworthy, a Government Record Must

– Be Authentic

– Be Reliable

– Have Integrity

– Be Usable

MCL 24.402 (Michigan Records Reproduction Act)

Characteristics of Record Authenticity

An Authentic Record Can Be Proven

• To be what it professes to be;• To have been created or sent by the person claiming to have sent it; and

• To have been created or sent at that time

Best Practices for Reproducing Public Records, State of Michigan Records Management Services

Characteristics of Record Reliability

A Reliable Record Is One

• Whose contents can be trusted to be a full and accurate representation of the transactions, activities, or facts to which it attests; and

• Which can be depended upon in the course of subsequent transactions or activities.

Best Practices for Reproducing Public Records, State of Michigan Records Management Services

Characteristics of Record Integrity

A Record Has Integrity If It Is

• Complete; and• Unaltered

Best Practices for Reproducing Public Records, State of Michigan Records Management Services

Characteristics of Record Usability

A Record Is Usable If It Can Be

• Located;• Retrieved;• Presented; and• Interpreted

Best Practices for Reproducing Public Records, State of Michigan Records Management Services

Advanced or Digital Electronic Signature

• Uniquely linked to the signatory• Capable of identifying the signatory• Created using means that the

signatory can maintain under his or her sole control

• Linked to the content in such a manner that any subsequent change of the data is detectable

(EU Directive; E-SIGN)

Security

• Environment• Technology• Policies and Procedures• Operational Responsibility• Audit

Signature Security

• Something you know (Password)• Something you have (Token)• Something about you (Biometric)• Something about where you are

(Computer)• Someone you know (Trusted

Guardian)• Combination

TechnologiesMain Types

• Password – Something you know• Keypad – A signing captured electronically• Digitally Captured – Handwritten signatures

digitized through the writing process• Public Key Infrastructure – Dealing with a

trusted third party• Hash Functions – Using information that,

because of the way it is generated, cannot be duplicated or falsified

• Tokens – A physical object• Cryptographic - Application of an algorithm• Biometric – A personal physical characteristic• Combinations – Use of two or more methods

How Someone Can Falsify Your Signature

• Someone has access to your PC; AND• Knows your password; AND• If you are using a signature pad, can forge

your signature; and• If you have a physical token, has your

token; AND• Knows how to operate the system; AND• Can control the Workflow so that no one

else becomes suspicious; AND• Can make sure you do not find out about it

Is It Proven?

Sampling of Courts Using Judicial Electronic Signatures

• Oregon Circuit Courts• Maricopa County, Arizona (Phoenix)• King County Superior Court,

Washington (Seattle)• Michigan: Washtenaw, Genesee,

Ottawa, Grand Traverse, Tuscola, and St Clair Counties

• Ohio

ConclusionMoving Beyond Wet Signatures on Paper

• It Is Legal!

• It Is Safe!

• It Is Proven!

About Jeffrey Barlow

Jeffrey Barlow has spent over 35 years working with courts, both as an attorney and as an information systems professional. After practicing law for ten years in the private and public sectors, he earned a second bachelor’s degree in computer science and joined the State of Oregon court system’s newly formed Information Systems Division in 1986. Over the next 20 years, Jeff participated in and led major court technology development and implementation projects as a Systems Analyst, Business Analyst, Project Manager, Project Office Manager, and Deputy CIO. He also holds an MBA and is certified by the Project Management Institute as a Project Management Professional (PMP). He now works as a Justice Systems Consultant with ImageSoft, Inc.  

About ImageSoft, Inc.

ImageSoft, Inc., was founded in 1996 and provides technology solutions to automate, streamline and improve workplace processes, increase productivity, reduce operating costs, and save time and money.   Based in Southfield, Mich., with offices in Raleigh, N.C., and Portland, Ore., the company serves customers throughout the U.S., Canada and Mexico.   Its markets include insurance companies, government, the courts, healthcare and educational institutions, and manufacturers.   An award-winning company, since 2008 ImageSoft has consistently been named one of the nation’s Fastest-Growing Privately Held Companies by Inc. Magazine, and is repeatedly selected as one of Michigan’s Economic Bright Spots and as one of Metropolitan Detroit’s 101 Best and Brightest Companies to Work For.  Additionally, in 2008 the Edward Lowe Foundation cited ImageSoft as a Michigan 50 Companies to Watch.  For more information visit www.imagesoftinc.com

Presentation Materials May Be Accessed Athttp://www.imagesoftinc.com/resources.html

Thank You!