HEARING OF THE TELECOMMUNICATIONS, TRADE AND CONSUMER PROTECTION SUBCOMMITTEE OF THE HOUSE COMMERCE COMMITTEE
SUBJECT: ELECTRONIC SIGNATURES
CHAIRED BY: REP. W.J. TAUZIN (R-LA)
WITNESSES:
ANDY PINCUS, GENERAL COUNSEL, DEPARTMENT OF COMMERCE
JEFFERY SKOGEN, INTERNET MARKET MANAGER, FORD MOTOR CREDIT
DONALD UPSON, SECRETARY OF TECHNOLOGY, COMMONWEALTH OF VIRGINIA
DANIEL J. GREENWOOD, DEPUTY GENERAL COUNSEL, INFORMATION TECHNOLOGY DIVISION, BOSTON, MA.
ARI ENGELBERG, VICE PRESIDENT, STRATEGIC WEB DEVELOPMENT
JOHN G. FINNERAN, GENERAL COUNSEL AND SENIOR VP, CAPITAL ONE
2123 RAYBURN HOUSE OFFICE BUILDING, WASHINGTON, DC
10:00 AM. WEDNESDAY, JUNE 9, 1999
Copyright ©2001 by Federal News Service, Inc., 620 National Press Building,
Washington, DC 20045, USA.
REP. W. J. (BILLY) TAUZIN (R-LA): Committee will please come to order.
A number of years ago the New Yorker Magazine
ran a cartoon showing two dogs seated at a computer. One dog says to the other,
"On the Internet nobody knows you're a dog." That's also true, by the way, in some
voter registration systems in some of our states. I think it was a newspaper in
Lake Charles, Louisiana that managed to register two dogs in Louisiana
elections. For the first few years of the Internet that was true. You really
didn't know who was on the other end. However, with the explosion in electronic
commerce activities, a clear need has developed for knowing who you are and who
you are dealing with online, especially now that online transactions are
becoming more and more complex.
Many companies
are currently at work developing products and services that seek to
electronically authenticate parties to online transactions and one hurdle with
these companies, the companies that are seeking to use electronic
authentication, is the uncertain legality of electronic signatures.
States have begun to update laws to address this problem. To date, 44 states
have enacted some type of electronic signature law. However, no two
states have adopted the same law. Therefore, the result is a patchwork of state
laws on the recognition of electronic signatures.
In my opinion, 40 or 50 different state
standards will make interstate commerce very difficult if not, in some cases,
impossible. The subcommittee's aware that there is an effort underway to create
a uniform state electronic signature law. Even under optimistic
assumptions, adoption by all 50 states will take three to five years. Now, that
may not seem like a long time, but in the fast changing world of electronic
commerce that is nearly an eternity. Today this subcommittee will be examining
HR 1714, the Electronic Signature in Global and National Commerce Act,
ESGN.
The goal of this Act is to further
promote the development and growth of electronic commerce by clarifying the
legal status of electronic signatures and records. Contracts or
agreements cannot be validated solely because the agreement or contract is in
electronic form or has been signed electronically. The legislation does
recognize the efforts by states and allows states to enact their own legislation
to recognize electronic signatures and electronic records. The efforts to
create a uniform state electronic signatures law and the goal of HR 1714
are therefore in no way incompatible. Rather, they are complementary. What they're
working toward is a single, uniform standard.
Another important element of this legislation is that it provides the secretary
of Commerce with guidance on promoting American principles on electronic
signature law overseas. It would clearly harm American interests to have
foreign nations enact laws that would or could discriminate against American
products and companies or create closed systems that do not recognize the
technologies or systems used by American companies. I think we only have to look
at the controversy surrounding the third generation wireless standards to see
how important the international marketplace is.
We'll be hearing from a panel of witnesses today that will give us many
perspectives on the issues of electronic authentication and on HR 1714 in
particular. The panel includes developers and users of these technologies as
well as representatives from state governments and the Administration. HR 1714
is clearly the beginning of the process and I fully anticipate that this
committee will be working with Chairman Bliley and all interested parties to
work out a final bill that will meet our goal of furthering the use of
electronic signatures and promoting electronic commerce. Additionally, we
look forward to hearing comments from our colleague from Tennessee, Mr. Gordon,
on the work he's done on HR 1572, his Digital Signature Act of 1999,
which I understand, has been referred to a different committee.
I thank you and look forward to hearing the
testimony from our distinguished panel.
The
chair is now pleased to recognize the author of the legislation, the chairman of
the full Commerce Committee, the honorable gentleman from Richmond, Virginia,
Mr. Tom Bliley.
REP. TOM BLILEY (R-VA):
Thank you, Mr. Chairman.
You know I represent a
district in the Commonwealth of Virginia better known as the Internet capital of
the world, home to numerous Internet companies, both large and small and as a
result I have the chance to talk with leading Internet business executives and
visit cutting edge technology companies. Everywhere I go and everyone I speak to
tells me how important it is for Congress to pass legislation that provides
legal recognition to electronic signature and electronic records.
While I am speaking of Virginia, I also want to
welcome Don Upson, the secretary of technology for Virginia. Virginia was the
first state in the nation to create a cabinet level position of a technology
secretary and I think this clearly shows the commitment by Governor Gilmore and
others in the state to promote the growth of electronic commerce and information
technology.
We saw the explosion of electronic
commerce during last year's Christmas shopping season, far in excess of all of
the predictions and the pace has not let up. When many people think of
electronic commerce they think of buying books or airplane tickets, but recently
we have seen people starting to buy automobiles, getting approved for a mortgage
or investing their retirement funds online -- something we could not have
imagined just a few years ago. As the value and complexity of online
transactions grows, the need for knowing that the transaction is legally binding
becomes even more important.
That is where HR 1714, the Electronic Signatures in Global and National
Commerce Act, comes in. By clearing away the legal uncertainty surrounding electronic
signatures and records, more businesses will use electronic
signatures and consumers will feel more comfortable doing business
online. The technologies used to create and transmit electronic
signatures also provide much greater safety and security to online
transactions. As I stated many times during last year's series of hearings on
electronic commerce, I want to see that the safety, security and privacy of
online customers, consumers, is protected. Encouraging businesses and consumers
to use electronic authentication will help to do just that.
I believe that HR 1714 is the correct approach
to creating a legal framework for accepting electronic signatures and
records. The legislation lays out a single nationwide standard for the
acceptance of electronic signatures and electronic records. We do not
pick or choose a specific type of electronic authentication, nor do we choose
what types of businesses should be allowed to offer electronic signature
services. The legislation also provides guidance to the Department of Commerce
in their international negotiations on electronic authentication. I believe that
the principles laid out in this bill, such as technological and business
neutrality, and market leadership should be promoted overseas. I do not want to
see foreign nations instituting electronic authentication regimes that would
discriminate against American manufacturers or providers of electronic
authentication technologies.
HR 1714 also
amends federal securities law to provide for the legal acceptance of electronic
signatures and records. This provision will be the subject of an upcoming
legislative hearing in Mike Oxley's subcommittee. I do want to recognize the
efforts that states have been making in this area. Today more than 40 states, as
the chairman has said, have enacted legislation that provides recognition of
electronic signatures. My concern is that every law is different. Many
only allow state agencies to accept electronic signatures and some
provide legal recognition only to signatures generated by a specific
technology.
It is clear that for unfettered
interstate commerce to take place, we must establish a single nationwide
standard. I understand that a uniform state law on electronic signatures
is being developed and I believe 1714 recognizes this effort by allowing states
to enact their own electronic signature bills that follow the principles
laid out in HR 1714. I look forward to hearing the comments and the issues
raised in this hearing and the future hearing on HR 1714. I am hopeful that we
will move HR 1714 through the committee and to the House floor before the end of
the year and these hearings move far down the road to having this bill signed
into law.
Thank you, Mr. Chairman. I yield back
the balance of my time.
REP. TAUZIN: I
thank the chairman for his statement and for his extraordinary attention to the
issues of electronic commerce at this committee and the other subcommittee
levels. And by the way we want to commend you, Mr. Chairman, also for not
seeking to claim the invention of the Internet as some have done.
REP. BLILEY: We already have a claimant
to that.
REP. TAUZIN: The chair is now
pleased to recognize the gentlelady who has been a leader for a long time in the
digital signature area, the gentlelady from California, Ms. Eshoo.
REP. ANNA G. ESHOO: Thank you very much,
Mr. Chairman, and for your kind words as well. This is an important hearing
today and I'm delighted to not only be a part of it, but to welcome everyone
that is here to testify.
We're discussing
legislation in which we in Congress are trying to prevent a revolutionary way of
business from being really strangled by outdated laws. Specifically, this
legislation updates the law by declaring that electronic signatures will
be deemed valid. This legislation extends the principle of electronic
authentication we established last Congress with the passage of my legislation,
which was entitled the Government Paperwork Eliminations Act. That law required
the federal government to accept electronic signatures. And we're now
seeking to extend that advancement to the commercial world. And this is more than
an appropriate step for the Congress to be taking. The Internet has really
introduced many new buzzwords to our lexicon, our vocabulary, words like browser,
Web page, and e-mail. The newest term, of course, is e-commerce. The projections
for the growth of the electronic commerce, and its effect on the global economy
are indeed staggering.
Last year, shoppers
spent an estimated $9 billion buying products online. That's quite an opener, $9
billion. Business-to-business electronic commerce was nearly five times
greater than in the consumer market, reaching $43 billion just last year. By the
year 2003, Forrester Research predicts business-to-business electronic commerce
will climb to $1.3 trillion. And at the federal level, we understand these sums.
That would constitute nearly 10 percent of all US business trade. Not only are
the Fortune 500 companies taking advantage of this new way of doing and
transacting business, but it offers an extraordinary opportunity to over five
million small businesses in our country.
Not
long ago, small businesses, like the jewelry store that my father owned in
Connecticut, were limited to doing business in the community they were located
in. Now, with a Web page and some creative marketing, a store in Connecticut may
be repairing watches sent all the way from my district, Palo Alto, California.
Or jewelry stores in Connecticut may be selling products in department stores in
California.
The electronic commerce bill I
introduced and the bill before us today are attempts to make sure our laws permit
that businesses in Connecticut and stores in California do business by utilizing
the latest form of signature and electronic signatures. Both bills
aim to ensure that those conducting business online and who choose to sign
electronic contracts with electronic signatures will be able to do so
with legal certainty. Many states have already passed legislation. The Chairman
of our committee just iterated that in his comments before us. They've passed
legislation allowing for the acceptance, but unfortunately, this has resulted in
a confusing maze of state laws that hamper interstate commerce.
States have been working on developing a
uniform model law to create one standard for acceptance of electronic
signatures in contracts similar to what the uniform commercial code
accomplished for contract laws. It's expected to be completed soon and offered
to the 50 state legislatures for adoption. The bill I introduced, and the one
we're discussing today, bridge the gap from now until the 50th state has passed
a version of this model law by preempting the existing confusion of multiple
state laws. In fact, identical bipartisan legislation of mine introduced in the
Senate has already been endorsed by state governments and industry alike.
I'm concerned in this particular area that the
bill we're discussing today has somewhat of a heavy hand in implementing a two-
year deadline on states, and would inappropriately give the secretary of
Commerce the ability to enjoin state laws. So, I look forward to discussing with
the panelists today their impression of the section in question, Section 102 of
HR 1714.
I want to salute the Chairman of our
committee for his interest, his broad and important interest in this area of
electronic commerce. And I look forward to working with him, and with Chairman
Tauzin on improving this legislation so that it can, indeed, be adopted in the
106th Congress at a time when it really is going to count the most.
Thank you, Mr. Chairman, and I yield back.
REP. TAUZIN: I thank the gentlelady, and
the committee is grateful to her for her pioneering work in this area, and for
her commitment to continue this process.
The
Chair is now pleased to welcome and recognize the gentlelady, Ms. Cubin, for an
opening statement.
REP. BARBARA CUBIN (R-WY): Thank you, Mr. Chairman, and thank you also for holding this
important legislative hearing on HR 1714, the Electronic Signatures and
Global and National Commerce Act, or ESGN.
The
commercial activity that takes place over the Internet is staggering and it is
growing rapidly. We are witnessing an expansion of business transactions over
the network, and I am personally amazed at how much commercial activity was
conducted over this past Christmas season. And you know, since I like to shop,
it was even better.
E-commerce moves us from
making traditional face-to-face purchases, to which we've all grown accustomed, to
blindly trusting a stranger at the other end of a computer screen to responsibly
and honestly carry out the transactions that we want. HR 1714 will allow some
semblance of trust when making these blind transactions over the Internet, which
will not only bring some peace of mind to those of us who engage in e-commerce, but
will also promote growth and development of the electronic commerce industry.
It is important that consumers be assured that
there is legal validity of a contract or transaction that is made over the
Internet. I am a strong advocate for states' rights and developing an
environment where states can establish policy that works best for that
particular state.
In the case of electronic
signatures, there are currently over 40 states that have enacted some
sort of legislation to recognize the validity of electronic signatures.
The problem, however, is that no two states have an identical law, which makes
it difficult to do business transactions across state lines, and at the same
time, ensure the legal validity of the contract where one state recognizes it as
being binding because it was signed electronically, rather than signed with a
physical signature.
HR 1714 would
establish a uniform national framework for the acceptance of electronic
signatures in records. I support the intent of Chairman Bliley's
legislation, and I commend his hard work in bringing this bill forward for
discussion. I do look forward to hearing from today's witnesses, and I yield
back the balance of my time.
Thank you, Mr.
Chairman.
REP. TAUZIN: The Chair thanks
the gentlelady from Wyoming.
And the Chair
would now recognize the gentleman from Tennessee, but the gentleman from
Michigan, the ranking minority member has arrived. I wonder if the gentleman
from Tennessee would allow me to recognize him out of turn.
REP. BART GORDON (D-TN): Be happy to.
REP. TAUZIN: The gentleman from
Michigan, the ranking member of our full committee, Mr. Dingell, is recognized.
REP. JOHN D. DINGELL (D-MI): Mr.
Chairman, I thank you, and I thank the gentleman from Tennessee.
Mr. Chairman, I commend you for holding this
hearing. This is an important matter. For centuries, a legal contract was not
considered valid unless it was impressed with a seal of the signer to prove its
authenticity. More recently, China is just beginning to move away from the idea
that everything has to be processed with the (chop ?) added to the document to
establish the authenticity of the document.
Just a few years ago, most of us would have never predicted that a written
signature on a sales contract would be obsolete, but that situation
appears to be coming upon us. As today's business is conducted increasingly over
the Internet and through vast computer networks, the electronic signature
is becoming just as crucial for the smooth operation of commercial law.
In order for this new world of electronic
commerce to take shape, grow and prosper, we must make sure that the electronic
signatures are recognized as legal, secure, and binding. Emerging
technologies demand that our policies keep pace. And I congratulate Chairman
Bliley for his efforts in this area. His legislation, HR 1714 would make great
strides in furthering the use of electronic signatures in commerce.
And in these goals, he has my strong support.
There is, however, one area of this bill that causes me concern. While I agree
that it is useful at times to have uniform national policy, please be careful
not to impose our judgements on the states, particularly at a time when they too
are actively studying these same issues.
In
fact, I understand that a model state code is currently under development, that
many state legislatures are likely to enact it in one form or another.
I believe that we should not interfere with
their ability to do so, and that we should enable the states and utilize the
states for the purposes of achieving a uniform national policy that will allow
the states to serve essentially as a nursery for the development of good, and
useful, and new ideas. The states should have enough time to fully evaluate this
model code, and then, to write, debate, and pass their own legislation.
Unfortunately, HR 1714 as drafted would limit to two years the period in which
the states would not be threatened by federal preemption. I'm afraid this
limitation may deny many states the opportunity to act on their own behalf.
Again, I want to commend Chairman Bliley for
his hard work, but also to recognize as well, and commend my good friend from
California, Ms. Eshoo, for her strong commitment and leadership on this issue. I
look forward to hearing from today's witnesses about how we can develop a strong
policy on electronic commerce while at the same time, respecting the important
role of the states.
Mr. Chairman, I thank you
for your kindness to me this morning.
REP. TAUZIN: I thank the gentleman from Michigan and the Chair is now pleased
to recognize the gentleman from Tennessee, Mr. Gordon, himself the author, well,
to recognize the gentleman from Tennessee, Mr. Gordon, himself the author, well,
actually, I believe they've yielded to you, Mr. Gordon, himself an author of the
Digital Signature Act of '99.
Mr.
Gordon.
REP. GORDON: Thank you, Mr.
Chairman.
My compliments for having this
hearing and my compliments to Chairman Bliley for introducing this important
bill and I want to be on record as being supportive today. I'm going to poach a
little time, if it's okay, to bring up another collateral bill that I think is
complementary and I hope that we'll have a chance to discuss.
I first became interested in electronic
signatures two years ago when the issue came up as part of the Computer
Security Enhancement Act of 1997. At that time,
I was concerned about how to encourage the widespread use of electronic
signature technologies essential to ensure consumer trust in electronic
commerce. In HR 1907, the Computer Enhancement Bill that passed the House, I
inserted a provision that established a national policy panel to address
developing consensus on a national electronic signature infrastructure.
Since then, with the leadership of my colleague
and good friend, Ms. Eshoo, Congress passed the Government Paperwork Reduction
Act, which requires federal agencies to accommodate electronic transactions by
the year 2002. There also have been a number of bills to deal with the legal
status of electronic signatures and electronic records. My concern, as it
has been for the last two years, is how do we promote the widespread use of
electronic signatures by electronic commerce beyond the legal structure?
I introduced HR 1572, the Digital
Signature Act of 1999 with Science Committee Chairman Sensenbrenner and
Ranking Member, George Brown. The bill directs NIST to develop technology
neutral standards on interoperability to encourage the effective use of
electronic signature technology by the federal agencies and encourages
agencies to use off the shelf commercial products and services.
In addition, the bill establishes the national
working group under the Department of Commerce to start working on other
elements necessary to encourage the widespread everyday use of electronic
signature technology. If electronic authentication systems are deployed
by agencies with little thought to interoperability, it will make it harder, not
easier, to conduct business with the federal government electronically. We
should ensure this is done in a coordinated technologically neutral way that
promotes interoperability and encourages agencies to buy commercial off the
shelf products and services.
In a recent
Federal Technology Week article, Tony Trinkle (sp), the director of electronic
services at the Social Security Administration said the following. The bill
moves the debate about standards in the right direction, especially at a time
when agencies are trying to comply with the GPEA passed last year. The OMB
guidelines do not provide much additional help for agencies trying to choose an
electronic infrastructure in a growing market. These same concerns are what
prompted me to introduce the bill.
Many of our
international trading partners recognize the importance of electronic
authentication for electronic commerce and are already working on national
electronic signature infrastructures to facilitate the widespread use of
electronic signatures. My bill would address this critical challenge by
establishing a national working group with industry, states and other
stakeholders to start to develop consensus for this country. This will not only
encourage electronic commerce, but will also enhance our position in the world
market.
Again, Mr. Chairman, thank you for
allowing me to bring in some collateral issues and I am supportive of this bill
you have before us today.
REP. TAUZIN:
The Chair thanks the gentleman.
Does any other
member desire to make an opening statement? Mr. Sawyer? Mr. Deal?
Then, the Chair is pleased now to ask unanimous
consent that all members be permitted time to introduce into the record written
opening statements. Without objection, it is so ordered.
The Chair also wants to advise our
distinguished panel today that your written statements are automatically part of
our record and are before us and as I introduce you today, I would ask you
please to summarize those statements in a conversational fashion with us, by
hitting the high points of your testimony so that we can do it within the five
minute rule and have time to enter into dialogue with you on your comments.
So we'll begin now by introducing this very
distinguished panel beginning with Mr. Andy Pincus, the general counsel for the
US Department of Commerce. Mr. Pincus, you're now recognized, sir, to make your
opening statement.
MR. ANDY PINCUS:
Thank you, Mr. Chairman and I'm honored to appear before the subcommittee today.
As you and the other members of the
subcommittee have mentioned the Internet is revolutionizing every aspect of
business, not just in our country, but throughout the world. And these
developments require the attention of governments to ensure that we're doing
everything we can to enable the development of this important new medium of
commerce.
Chairman Bliley and Mr. Dingell, you,
Mr. Chairman and the other members of this committee clearly recognize this
fact. You've taken a leadership role in ensuring that our country remains at the
forefront in creating and exploiting the possibilities of electronic commerce.
And as other countries begin to recognize the potential of this new medium, we
must continue to lead the way, not just in the private sector where we clearly
are leading the way, but also in crafting the appropriate policy framework for
these new developments.
As we have in the past,
the administration and especially those of us at the Commerce Department look
forward to working with you on these important issues. HR 1714 addresses a
subject that's at the very core of enabling electronic commerce. It's obvious
that e-commerce will grow only if parties' transactions over the Internet are
just as legally binding as their transactions in the physical world. Although
everyone hopes that they won't have to end up in court and won't have to hire a
lawyer, they obviously want to be sure that there's a way to hold the other
party to the contract, to their obligations, in case something does go wrong.
There basically, as we see it, are two issues
in accomplishing this goal. First, to eliminate statutory rules that require
paper contracts. We obviously have to be sure that electronic agreements have
the same legal status as paper contracts.
The
second question is when and how does an electronic contract become legally
binding on a party? In the physical world, the general rule is a party has to
manifest his or her intent to be bound. This can be done with a written
signature, but it can also be done with an X or by an exchange of
telegrams or various other means by which a court will conclude that there was
an intent by both parties to be bound to the contract.
In the online environment, we advocate the same
approach. There already are and they're certainly the way technology is evolving
there will be even more in the future, different ways to electronically sign a
contract. Everything from typing your name at the end of an e-mail and sending
it to using very sophisticated biometric or digital signature technology
to evidence one's intent to be bound. The market is in a very, very early state
of evolving. It's clear that companies and individuals are using different types
of authentication technology for different kinds of transactions as they do in
the physical world and we think it's very, very important to let that evolution
take place and let the market continue to examine and test various forms of
signature technology.
In fact, I was
privileged last week to participate in a workshop held by the OECD in the
private sector in California that spent two days hearing presentations from
various sectors, the manufacturing sector, the financial sector, on the kinds of
signature technologies and the very different business models that are
being used to provide a legal basis for agreements in those sectors. I think
we're in agreement on the basic principles that should govern the resolution of
these two basic issues.
First, as I said,
eliminate barriers, paper contracts and requirements of pen and ink
signatures that are relics of an earlier age. Ensure technological
neutrality. As several members of the subcommittee have said, it's very
important that any legal rules that are adopted allow all these different
technological approaches to have legal validity.
And finally, to be sure that parties are free to
agree upon a means of authenticating their transactions and if they do that,
that their subsequent agreements that are authenticated in that manner will be
legally binding because what we're seeing right now in electronic commerce is
that those kinds of systems, where parties, auto companies and their suppliers,
for example, set up an electronic structure for engaging in electronic ordering
and electronic contracting and agree that for those agreements, they'll use a
particular technology for authentication. And in order to allow those kinds of
what have come to be known as closed systems to develop, we have to be sure that
they do create legally binding agreements.
We
also agree that as HR 1714 provides there must be considerable attention paid to
promoting these principles internationally. One of the most promising aspects of
the Internet is its ability to facilitate cross border transactions. It used to
be that to be an exporter you had to be a big company and have agents all around
the world to hawk your products. Now all you need is a Web site and you have
access to every market in the world. But of course we need international rules
that will ensure that cross border contracts that are made as a result of that
access actually are legally enforceable.
As
discussed in my written testimony, we've been working very hard on this issue
and it's certainly useful to be sure that the entire US government, the
administration and Congress, make clear to the rest of the world that these basic
principles are important to us. Domestically, as several members of the
subcommittee have mentioned, we also need rules that implement these principles.
This area of contract law has long been the province of the states and the
states through the uniform law process run by the national commissioner's
uniform state laws have developed the Uniform Electronic Transaction Act as a
number of the subcommittee mentioned, and plan to submit that act for adoption
to the states at the end of July.
If we could
wave a wand and have all 50 states enact that law, clearly the problem will be
solved. We'd have a very strong basis in domestic law for electronic commerce
that meets all of the principles. There is concern, as you mentioned, Mr. Chairman,
about the speed by which the states will adopt this. We don't think right now
that there's evidence that the absence of uniform law is obstructing the growth
of e-commerce, although people have pointed to different laws. A lot of those laws
only relate to government transactions and a lot of those states haven't spoken
to the question of private commercial transactions.
Certainly at some point it may be true that the
absence of the national standard is inhibiting domestic commerce. And we need to
create an environment that will encourage the states to move quickly to adopt
the UETA. Our view is that it will be the states should be given a chance to do
that and if there isn't quick action it may then well be appropriate to
establish some federal rule to fill the gap until the states have adopted that
measure.
Thank you very much, Mr. Chairman. I
look forward to answering the subcommittee's questions.
REP. TAUZIN: Thank you very much, Mr.
Pincus. I was just thinking about how a handshake counts in some states as well
and you go to Texas; that's as good as a signature.
The Chair is now pleased to welcome the
Honorable Donald Upson, the secretary of technology of the commonwealth of Virginia
who has already been welcomed by the Chairman of the full committee. Secretary
Upson, I might note that it'd be good if you had a conversation with the
secretary of transportation too, who's having a little difficulty getting over
here today, as many of us do every morning trying to get to work. We appreciate
you sir and welcome your testimony.
MR. DONALD UPSON: Thank you, Mr. Chairman. I apologize for being late. I was
stuck on 66, but I'm not the secretary of transportation.
Mr. Chairman, Chairman Bliley, members of the
committee it's a special privilege to be here on behalf of Governor Gilmore and
the commonwealth of Virginia and for me personally to talk about this important
legislation for two reasons.
First, you may not
know I spent 13 years up here most of which was Congressman Horton, staff
director on government operations.
And
secondly, because I've wondered what it would be like to sit on this side of the
table and recalling some of your investigations, I've often preferred not to be.
But it is a special privilege to be before this committee. Because I believe and
I know Governor Gilmore believes that in terms of the technology environment for
the United States, this committee has done far more than maybe the general
population appreciates in terms of setting that environment, the
Telecommunications Act, the Internet Tax Freedom Act and now Digital
Signature.
And I'd like to suggest that
from Virginia's point of view, the action that you're taking in considering this
legislation, the focus is digital signatures, but it's more important
than that. It is about commerce and it's about the United States and the
competitive advantage we have in an electronic world. And the legislation in our
point of view, one, it reflects the US global framework on Internet policy,
which we endorsed and included as part of our comprehensive Internet proposal.
We focused upon that act, that framework established at the federal level, which
generally directed, suggested that the private sector should continue to lead,
that we should be very careful about imposing standards and restrictions on a
medium that has just grown incredibly fast, on its own and developed its own
uniformity through market forces.
And that's
what I'm here to say and speak in support of HR1714. I think it does that in two
ways. First, it keeps the United States moving forward in terms of our
competitive advantage by stating that where signatures are required in a
legally binding instrument, electronic signatures will satisfy that
requirement. And on the other hand, you give the contracting parties and the
states the flexibility to enact standards or amongst themselves that satisfy
that basic fundamental requirement. That's important, we believe for a very
significant reason and is if we impose technology standards all of us know how
quickly that technology changes. There are different levels of authentication
required for different kinds of transactions and so I applaud the flexibility
provided.
In Virginia, we took the same
principles that, like I say these same principles guided the formulation of our
current law in electronic signatures. And our law simply stated
establishes the following where any Virginia law -- first, where any Virginia
law requires a signature or provides for certain consequences in the
absence of a signature, that law is satisfied by an electronic
signature.
Second, electronic
signatures must meet certain functional requirements. They must be A,
unique to the signer, B, capable of verification. C, under the (signer's sole ?)
control, D, linked to the record in such manner that it can be determined if any
data contained in the record was changed subsequent to the electronic
signature being affixed and E, created by a method appropriately reliable
for the purposes for which the electronic signature was used.
We in the commonwealth believe that our
approach to electronic signature legislation allows the private sector to
lead, avoids undue restrictions on electronic commerce, and establishes a simple
yet enforceable set of functional requirements. That's what I think HR -- that
your legislation does that you're considering before this committee. And I think
it complements what is the beauty of this medium and this electronic environment
and that is that it's doing fine on its own. And the government being an enabler
and not an imposer or an impeder is important and I think it's reflective of the
work in this legislation.
REP. TAUZIN:
Thank you very much, Mr. Secretary.
The Chair
would now interrupt the proceedings and ask you all to join with me in welcoming
an honored guest who's arrived and who will be honored at a luncheon later
today. Mr. Ushiel (ph) Patsumey (ph), the newly elected secretary general of the
international telecommunications union is with us today, Mr. Patsumey if you
would be recognized, sir. We want to all welcome you here today.
(Round of applause.)
Welcome.
The
Chair is now pleased to introduce and welcome for his testimony, Mr. Jeffrey
Skogen, Internet Market Manager for Ford Motor Credit, department in Dearborn,
Michigan. Jeffrey, if you will please summarize your statement for us.
MR. JEFFREY SKOGEN: Good morning, try
this again, good morning, Mr. Chairman, members of the committee. I'm Jeff
Skogen, the Internet Marketing Manager for Ford Motor Company in Dearborn,
Michigan. I appreciate the opportunity to appear before the subcommittee.
Ford Motor Company, Ford Motor Credit Company
is the world's largest company dedicated to automotive finance with more than 8
million customers in 36 countries. Ford Credit is continuously looking for ways
to improve the value of its service it delivers to its customers.
Consumer power to choose and business's ability
to meet consumers in marketplace demand will be enhanced by the establishment of
a reliable, trusted, cost efficient flow of electronic commerce. For that
reason, we are committed to harnessing the efficiencies that electronic commerce
represents.
Electronic commerce is the exciting
medium of business growth and consumer convenience. It is integral to the rapid
development of a global information based economy that appears destined to
coexist with the traditional industrial model. Electronic signatures are
a fundamental building block for electronic commerce itself and they are the key
to the widespread use and acceptance of electronic commerce.
HR1714 will facilitate transactions on the
Internet in other electronic paperless transactions for dealer and consumer
contracts by assuring that they are given the full legal validity of a written
contract. Our research shows that 57 percent of consumers in the market for a
new vehicle within the next year prefer to research their automotive purchases
online.
And 44 percent of consumers who use the
Internet online services have visited a financial Web site.
About one third of the customers want to at
least start the financing process online according to Ford Credit's research.
Ford Credit has implemented a new credit approval process called auto apply,
which customers can use to complete a credit application and securely send it to
Ford Credit via the Internet. Ford Credit provides a decision online for the
customer and their preferred dealer usually within minutes of receiving the
application at the company's Web site. While Ford Credit offers online approval
through the dealers, its customers must still physically go to the dealership to
sign the credit application and the contract.
With the electronic signatures, the entire transaction could be handled
online, making the process easier and more efficient for everyone involved. In
addition, we offer customer electronic funds transfer online allowing them to
enroll in the program, make a change or cancel payments drawn directly from
their checking account. Uniform standards for electronic signatures would
enhance the public confidence in online applications of electronic commerce like
electronic funds transfer.
We believe the
United States should be actively involved in the development of uniform global
standards for electronic signatures and commerce. The lack of uniform
nationwide rules may inhibit our country's ability to influence development
beyond its borders. Therefore, it is appropriate to consider the establishment
of a federal standard or uniform guidelines.
I
appreciate the opportunity to appear before you this morning and would be happy
to answer any of your questions.
REP. TAUZIN: Thank you very much, Mr. Skogen.
The chair is now pleased to recognize Mr. Daniel Greenwood, deputy general
counsel Information Technology Division of the Commonwealth of Massachusetts and
I'm sure Mr. Markey were he here would want to issue a special welcome for you,
Mr. Greenwood.
Mr. Greenwood.
MR. DANIEL J. GREENWOOD: Thank you very
much, Mr. Chairman and members of the subcommittee. And on behalf of the
Commonwealth of Massachusetts, really do appreciate the opportunity to testify
today on HR 1714, the Electronic Signature in Global and National
Commerce Act, ESGN. And I should probably depart from my remarks to indicate you
have won the important battle in this town of the best all-time acronym for
bills in this area, ESGN.
REP. TAUZIN:
That's an important title around here. It's appreciated.
(Cross talk.)
MR. GREENWOOD: It just rolls off the tongue. Back to the merits for a
moment. To the extent that HR 1714 does facilitate a national baseline and a
consistent legal infrastructure that supports electronic commerce without unduly
disrupting related areas of state law, we believe that it does deserve very
serious consideration and that it does deserve support. And while the current
language in certain sections we think ought to be looked at further and as the
legislation evolves frankly should be honed to avoid some disruptions in related
areas of state law, it does seem clear to us that the objectives of your
legislation are wholly consistent with the Commonwealth's policy to assure a
sound foundation for electronic commerce. In fact, last month the Commonwealth
went on record supporting the Abraham legislation in the Senate S 761, which by
our lights supports very similar principles and also it does set a minimum
national framework.
When we're looking at
legislation from the state perspective of Massachusetts here on the Hill and
evaluating whether or not it really should succeed from a preemption perspective
and from a perspective of supporting e-commerce and commercial law generally, we
ask these types of questions. Is the legislation narrowly tailored to address
existing and well-understood market failures or failures in law? In other words,
is it minimalist? Is it doing only what's necessary to right a wrong or to
facilitate a place where the free market or at least our existing market system
is not operating optimally? Does it promote a competitive marketplace for
different technologies? This has been mentioned a couple of times today. Locking
into a single technology for authentication or electronic records in our view is
not generally a good idea and in federal legislation can have a negative effect
by distorting the market.
We also ask whether
it includes any new or expanded regulation or other government intervention,
including a legislatively created accreditation or some other government
approval or control that's necessary for technology providers or users. It's our
view that especially in the e-commerce area that we're looking at an economic
sector that's quite decentralized, almost self-organizing and distributive the
way it's put together and therefore legislation that centralizes the market
players really for the purpose of controlling them and regulating them is a bad
idea.
Finally, does the legislation disrupt
other bodies of law or does it unduly preempt state jurisdiction? This is what
I'd like to talk about in a little bit more detail. We think there are
compelling arguments that favor generally keeping governance of commerce under
state jurisdiction where it exists today, primarily, under the Uniform
Commercial Code and related law and that's provided the law is sufficiently
harmonized so as not to present undue barriers to interstate commerce. We think
generally states are more agile, we're somewhat smaller, we can react somewhat
more quickly to changing market conditions and that's going to be particularly
important in this e-commerce base.
However,
there are certainly cases where the national interest requires that federal
action does preempt state law and this has long been accepted where states
create undue impediments to interstate commerce and the fact that states, as has
been noted many times this morning even so far, the fact that we've enacted so
many different laws governing electronic signatures and records, it's
clearly been a contributor, a major contributor to the current efforts for
federal action. If states were to quickly pass uniform law in this area, we
believe it's likely that the legitimate private sector interests in a national
baseline would be satisfied and it would be satisfied through the uniform law
process.
And we think in the end that this is
the preferred method of creating a baseline because the draft Uniform Electronic
Transactions Act, which Andy Pincus had mentioned, does represent at this point,
the single best and the most comprehensive legislative effort to date. And it
causes no serious legal disruptions in other areas of law and it comprehensively
deals with many issues about contract formation, contract interpretation, notice
requirements, all of the secondary and third level issues that are implicated
when one lifts legal barriers to using electronic records.
There's many interdependencies with many areas
of law and these people have done a very good job through a multi-year open
process with a lot of state law experts in the public sector and in the private
sector deliberately going through all of these interrelated areas of law and
crafting a very good comprehensive act. We have a problem in timing, which has
been pointed out, I think very convincingly, by advocates for the private
sector. They need legal reform soon.
I think
the objectives of the legislation today, HR 1714, are evidently crafted to
satisfy the legitimate interests of industry to come up with some baseline
quicker as we wait for uniform law to evolve. And I think based on looking at
that criteria I'd mentioned, the bill really can directly satisfy the industry
needs without disrupting these other policy concerns.
I would request the privilege to add an
addendum to my remarks within 30 days under House rules for the purpose of
providing some more detailed comments on some of the precise provisions of the
current language as they relate to some of these other areas of state law and to
the emerging Uniform Electronic Transactions Act.
Thank you.
REP. JOHN SHIMKUS (R-IL): And there's no one here to object, so I'll let
you do it. How about that?
Thank you, sir.
MR. GREENWOOD: Long and short of it is
we support the principles that appear to underlie this legislation. We would
look forward to an opportunity to continue to offer any services we can or any
assistance we can to this committee and to the other committees that will work
on the legislation as you try to work through the very complicated issues with
state law and thank you again for the opportunity to testify today.
REP. SHIMKUS: Thank you.
Our next witness is Mr. Ari Engelberg, vice
president of strategic Web development, Stamps.com. Of course, your written
statement's in the record, summarize for five minutes and welcome.
MR. ARI ENGELBERG: Thank you, Mr.
Chairman, members of the subcommittee, my name is Ari Engelberg, I am a founder
of an Internet company called Stamps.com. Stamps.com, working in conjunction
with the information-based Indicium Program at the United States Postal Service
has developed an exciting mainstream application of digital signature
technology and I thought I'd use my few minutes here this morning to tell you a
little bit about how our technology works and how it relates to this bill.
What we are is one of the first companies to
develop an e-commerce system that enables individuals and businesses to
purchase and print US postage over the Internet, using nothing more than an
ordinary laser or inkjet printer. Our service is a simple one. Users download a
small piece of software from our Web site or from the Web site of one of our
partners and after a short registration process, which includes the US Postal
Service meter licensing, users may purchase postage through a variety of payment
methods, including wire transfers, credit or debit cards. The postage payment is
then transferred directly to the Postal Service.
To print postage, users log onto their accounts
on our postage servers over an encrypted link and designate a delivery address.
The postage servers then perform a variety of functions.
The user's postage balance is debited by the
appropriate amount, spelling and zip code mistakes in the address are corrected
by national address database to ensure higher address quality and more efficient
mail piece ratting through bar coding. And most importantly, a digital
signature is generated for each stamp using a cryptographic key unique to
each user. A digital signature is then sent back across the link to the
user's PC where it is encoded in a two-dimensional bar code. This bar code is
the security critical portion of the Postal Service's new information based
indicium.
And each of you, Mr. Chairman, may
have in front of you, an envelope, which is adorned with Internet postage.
That's live postage and you can take that back and mail it off to your district
office. The bar code on the envelope can be scanned using a handheld or a
stationary device and through a system that connects cryptographic keys
generated by our Postage Service to a certificate authority maintained by the
Postal Service, the authenticity of a given stamp can be ascertained.
This system provides tremendous advantage to
users. Postage is available 24 hours a day, seven days a week from the desktops.
Addresses are corrected by our database to increase delivery reliability.
Postage can be printed from within the word processors and personal information
managers upon which so many small business professionals already rely. And by
transforming what was once a product, postage meters into a service, Internet
postage. Stamps.com has fundamentally altered cost structures in this
industry making postage convenience more affordable to a broader share of the
business and consumer population in traditional postage meters.
The enterprise comprises one of the most
complex highly secure electronic commerce systems ever developed and it's been
two and a half years in the making. Our system involves sophisticated
cryptography, advanced data center operations, and secure financial
transactions. The advantages of this advanced system are enabled by the security
of the information-based indicium by the security of the strong digital
signature as a means of authentication of postage value.
HR1714 provides the welcome legislative
foundation for furthering e-commerce by explicitly legitimizing electronic
signatures as proof of contract acceptance. For the purposes of this
discussion, each indicium or stamp is a micro-contract authenticated by the
electronic signature between stamps.com, the post office, and customer.
That is if the customer uses stamps.com to pay for and print US postage the post
office will the mail. This contract and the opportunity to offer this service is
made possible by the integrity, authenticity, and (non-repudiability ?) of a
strong digital signature and thus stamps.com strongly supports HR1714.
Thank you for the opportunity to testify.
REP. SHIMKUS: Thank you.
Our next panelist is Mr. John Siedlarz. Oh,
before I do that, I want to ask unanimous consent that we give all witnesses 30
days to include any and obviously I'm not going to object. And you will get
questions probably that members may ask to respond in writing. So, I'll also
without objection request 30 days for that response to be received for the
official record.
And now the next panelists,
Mr. John Siedlarz, president and CEO of Iris Scan Incorporated, welcome and you
have five minutes.
MR. JOHN SIEDLARZ:
Thank you, Mr. Chairman, good morning, Mr. Chairman and members of the
committee.
REP. TAUZIN: Pull that mike
close to you.
MR. SIEDLARZ: Thank you.
In addition to being the CEO and president of
Iris Scan, I'm also the vice-chairman of the International Biometric Industry
Association and the association very much appreciates the opportunity to speak
to you today and comment on 1714.
As one
example of the technologies that are covered by the association Iris Scan, my
company develops a leading biometric product that identifies and authenticates
individuals to the unique iris pattern of the eye, the visible colored ring
surrounding the pupil. I wanted to pass on to Chairman Tauzin on his comment
about dogs. And not only can we make a sharp distinction between humans an
absolutely positive one, but we can tell a difference between a human. And we'll
shortly be in the position of being able to tell the difference between the dogs
that are in the Internet. So, I'd appreciate it if you would -- (laughter) --
convey that to him.
IBIA is a trade association
that represents many technology and the interest of the biometric industry as a
whole. It includes a group of proven technologies that identify or verify
individuals based on physiological characteristics. In other words, what you
are, not what you hold or what you do. It's a very important distinction and I'd
like to focus on for just a second later in comparing how you use biometrics
with an encryption for a more secure transaction. Biometric identification and
verification are accomplished by using computer technology and noninvasive ways
to match patterns of live individuals in real time against enrolled records.
Examples include the products that recognize faces, hands, fingers,
signatures, irises, voices, and fingerprints. Biometrics are most
commonly used to safeguard international borders, protect computer network
security, control access to sensitive work sites, authenticate financial
transactions, verify time and attendance, and prevent benefits fraud and provide
secure transactions on the Internet.
Biometrics
in sum, are excellent means to secure privacy and prevent identity theft. IBIA
supports 1714 and the efforts Chairman Bliley on the committee to move this
legislation forward. We specifically endorse the attempt to make sure that the
technology is essentially neutrally identified as far as the legislation is
concerned. Our only argument with the bill and it's a very small one, is the
language in Section 104, which defines an electronic signature as a
signature in electronic form. We think it's appropriate to have that
language broadened slightly maintaining the focus on neutral technology approaches
in the legislation. And be consistent with what the Senate dealt with in S-2107,
the Government Paperwork Elimination Act last year where based on testimony from
expert witnesses, the Senate chose to strike language that would favor a digital
signature and instead substituted the technology neutral phrase,
electronic authentication.
The specific reason
for this action was to avoid a constricted definition that would have the
combined effects of unnecessarily restricting the market for biometric products
creating a competitive advantage for a small group of solutions and freezing
options for substituting newer technologies as they are perfected.
Once again, we wanted to emphasize that in our
view and a growing recognition among the community is that the combination of
encrypted data and biometrics at either end of the transaction in effect provide
the only means of a secure solution for transactions on the net. Biometrics
cannot do that by themselves. Encrypted data cannot do it by itself. It is a
combination of those two technologies, which I think is being recognized. And I
think which this bill ultimately would support in its technology neutral
language.
So, the IBIA strongly encourages
the committee to take a similar approach to the action in the Senate. This can be
accomplished by rewording the first part of the definition contained in
Section-104 guaranteed to read as follows. Electronic signature the term,
electronic signature means a biometric or other sequence of data in
electronic form.
This change would ensure that
the bill does not rule out the use of sound biometric authentication solutions
that have been specifically designed to accomplish the purpose of the bill. The
IBIA thanks both subcommittees for this opportunity to express its views in
supporting 1714. I would welcome your questions about biometric technologies and
their elements to this important bill.
Thank
you, Mr. Chairman.
REP. TAUZIN: Thank
you very much, Mr. Siedlarz. I understand you made the case for identifying dogs
and --
MR. SIEDLARZ: I have indeed.
REP. TAUZIN: My wife would contest that,
by the way. She thinks our dogs are human, -- (laughter) -- so that would be a
problem.
We're pleased now to welcome Mr.
Christopher Curtis (sp), associate general counsel of Capital One here in Falls
Church, Virginia.
Welcome Mr. Curtis.
MR. CHRISTOPHER CURTIS: Good morning.
I am Christopher Curtis, associate general
counsel of Capital One Financial Corporation. And I appreciate the opportunity
to testify today in support of HR-1714. Capital One is one of the world's largest
issuers of credit cards and a direct marketer of consumer and small business
lending products. We are also a pioneer in the direct marketing of wireless
telephone service who are subsidiary American One communications.
On behalf of Capital One, I'd like to thank the
subcommittee for considering this legislation and I hope you'll report favorably
on it. The world of online commerce is exploding all around us, offering more
efficient commerce enhanced greater wealth for all Americans. However, further
development of electronic commerce may be impeded by the issue of online
authentication, the means by which one party such as a merchant or financial
institution knows who it's dealing with as well as the issue of online
signature, a means by which a party legally binds itself to a transaction.
Without resolution of those issues, we fear that parties will be reluctant to
enter into larger transactions with more numerous and remote counter parties.
I'll refrain from any technical discussion of
the electronic signature technologies currently available. Instead, I
want to endorse what I see as the two basic principles of this legislation.
First, the bill establishes a national principle of recognition of electronic
signatures and second, the bill rejects any prescribed technical standard
instead allowing the marketplace to decide what technologies are best.
By establishing a uniform rule of recognition,
the bill provides what we see as the keystone in a sound legal architecture for
electronic commerce. In the current chaotic legal environment, the validity of
electronic transactions is governed by the law of each state.
A number of states have moved to recognize
electronic documents and signatures, but not in a consistent manner.
Electronic signatures that are valid in one state may not be valid in
another state. Moreover, some states still don't recognize electronic
signatures at all while there is the uniform state process, which is
underway. As it's been discussed this morning, we know that may take a long time
and may not, in fact, in the end, result in a uniform product. Sometimes the
uniform process doesn't.
As a result of the
current situation, individuals and companies doing business on the Internet face
considerable uncertainty as to the enforceability of their transactions. There's
a significant concern that a party to an agreement can simply deny making the
agreement. The ability to do so opens the door to fraud in electronic commerce
and hinders growth in this medium. We'll never achieve the full potential of
electronic commerce until agreements entered into on the Internet are valid and
enforceable.
We also support the bill's
principle of free development of electronic signature technology. This
will allow the market, not the government, to determine the desirability of a
specific technology. We at Capital One would not presume to tell you what
electronic signature technology is best and even if we could, what's best
today, may not be best five years from now or 10 years from now or even one year
from now. The proposed legislation takes the right approach by insisting that
those issues be left to human ingenuity as tempered in the marketplace.
In conclusion, Capital One strongly supports
the enactment of HR 1714. We believe it provides the best legal basis for
unleashing the Internet's potential to transform commerce. We're grateful for
the leadership of Chairman Bliley in introducing this legislation and to the
subcommittee for considering it.
Thank you for
the opportunity to testify before you today.
REP. TAUZIN: Thank you very much, sir.
The Chair now recognizes himself for five minutes and members in order.
First of all, Mr. Pincus, you're aware, of
course, of the July '97 German digital signature law. That seems to be
very restrictive in terms of using only digital signature technology and
the government's August '98 position paper on international recognition of
digital signatures reinforcing their own law. Can you tell me how the US
is responding to this very alarming direction that the government of Germany is
already taking in this area?
MR. PINCUS:
Certainly, Mr. Chairman.
Let me mention one set
of international developments that's relevant. Just as we are having this
discussion here, the question of promoting uniformity has been very much an
issue in Europe within the European Union. And, in fact, the European Union has
-- the European Commission has proposed an electronic signature directive
that is now working its way through their process and it's expected to be
finalized sometime toward the end of this year that is much closer, although not
completely congruent with the principles that I discussed earlier and will
require significant changes in the German law.
We've made clear to the Germans that we think their approach is not technology
specific. It's not technology neutral, it's technology specific and would create
real problems in global commerce. The European Union approach is much closer, is
more technologically neutral. It's different from the approach we advocate in
that it provides for some government identification of preferred technologies
and giving them a legal presumption, which we think is not the ideal way to go,
but it's a lot closer to where we are and will require significant changes in
the German law.
REP. TAUZIN: Andy, you
mention that you're not sure, yet. You don't know whether or not electronic
commerce is impeded yet by the lack of a national standard that is
technologically neutral, nevertheless moves all the states in the same
direction. How do you know what activity is not going on? How do you identify
what is not happening in e-commerce and we can identify what's happening? How
much is not happening? Maybe you can jump in and help me with this some of the
other witnesses. It seems to me that that's a hard thing to quantify. It seems
to me that if we're smart enough to pass a national standard that is amenable to
all the states, that a lot of things could happen that aren't happening today.
Am I wrong in that?
MR. PINCUS: I think
you're right, it's hard to know. I think in talking to the private sector, which
obviously has its finger much closer to the pulse than we in government do,
most of the concerns that we hear expressed are in terms of what happens, if we
don't get to a uniform standard soon. We don't hear a lot of examples of people
saying we're thwarted from doing something right now.
REP. TAUZIN: Well, let's find out. Ford
Motor Company, you know, indicates that, Mr. Skogen, that you do a lot of online
customer activities, but the customers still have to go to a dealership right
and sign a contract at the end of it all. Is that correct?
MR. SKOGEN: That's correct.
REP. TAUZIN: Would it be helpful, if in
fact we had a national standard, so that you could do all of that business
online, including the contract. Could we end up one day where customers could
design their cars, order them from you online and the factory would build it and
ship it?
MR. SKOGEN: Well, I guess
anything's possible. (Laughter.) But we do, in fact, receive requests from
customers and e-mails on trying to make the process a little smoother for them,
allow them to do as much of it from home as possible. In fact, even some dealers
today are delivering vehicles to the customers' homes, you know, that have
ordered it over the Internet.
REP. TAUZIN: Yeah. So, I mean, a lot more is possible, if we're wise enough to
have a nice set of standards.
Let me ask you in
terms of the current bill, Mr. -----, you've made a case for technological
neutrality here. Is our bill sufficiently technologically neutral?
MR. SIEDLARZ: I think it is. I think,
Mr. Chairman, it's very close. I mean, with the exception of our little
sensitivity on the issue of biometrics and the way we link biometrics to
encryption and a growing understanding of those who have to work together, I
think that is true.
I think -- what's one added
comment to your previous question, if I may and it has to do with the issue of
how we judge what's happening on the Internet today. I don't think we know the
true story. I don't think -- because we measure everything in terms of financial
losses, for example, in the misuse of a credit card or having that information
stolen. We don't know, in fact, whether or not privacy is not being invaded at a
significant level and yet, not realized today by the consumer. We simply don't
know the levels of penetration that's --
REP. TAUZIN: You don't know how many consumers refuse to use e-commerce
until they know that all of this has been worked out.
MR. SIEDLARZ: That's correct. We expect
it's a large number.
REP. TAUZIN: Mr.
Curtis, let me get you to help us, too. How deep is the concern about disavowal
of transactions right now or repudiation and the losses that might be incurred
by companies without a digital standard?
MR. CURTIS: Well, our concern about that is fairly high. We are moving forward
with a number of initiatives that will have us more active online, but concern
about issues of disavowal and constantly fraud, actually are a high level
concern with us and are holding up some of those initiatives that I don't really
want to talk about in detail because they're company confidential. But we
probably would be moving faster and providing more online Internet service
sooner, if there were greater certainty of transactions over the Internet and a
more secure legal basis for them.
REP. TAUZIN: So you have that same sense we seem to have that consumers, in many
cases, are going to be much more willing to engage in e-commerce once we have
some kind of national standard established?
MR. CURTIS: Yes, I think that's true definitely.
REP. TAUZIN: Secretary Upson, before I
leave you and go to other members, would you give us a little clear
understanding of the Virginia concept of the best practices center? What is it?
How does it work? What does it do?
MR. UPSON: Yes, Mr. Chairman, I'd be pleased to. In fact, I'm sorry I neglected
that in my remarks, but one of the things we're trying to do is encouraging the
state agencies to and Governor Gilmore's about to sign an executive order that
will require state agencies to think about the electronic signature
environments, putting up systems that facilitated in their contractual
arrangements. But what we're establishing is a statewide best practices Web
site, where agencies, smaller agencies, in particular, where they have problems
can go and get information on how the process, I mean, digital signatures
is but one element of it.
But how, what other
agencies are doing, indeed, what other states are doing, so that we might have
the ability to take advantage of without having to reinvent the wheel or do
something our own way and really build a best practices center that across
government, we can use for a number of information technology reference for a
number of information technology and electronic commerce initiatives. In fact,
it's one of the recommendations that might be that you might consider is a best
practice site that the Commerce Department or an appropriate place could have
for states to be able one stop, understand where they could go and see what the
best practices are, find out what other states are doing.
REP. TAUZIN: Thank you very much, sir.
And finally, Mr. Engelberg, we've got a number
of members now. I wanted to wait until we had a sufficient number, but I thought
this would be interesting for everyone. Here is your digital signature,
right? On stamps.com?
MR. ENGELBERG: Right.
REP. TAUZIN: Explain to us how it
works, and how it's secure, and how it's authenticated.
MR. ENGELBERG: Each bar code is unique.
Each one contains a digital signature
that is generated for that particular mail piece. The bar code contains
additional information like the delivery routing zip code, where it came from, a
date/time stamp, and the amount of the postage. The digital signature is
generated by a private key, a cryptographic key, which is unique to a particular
user. And when we create that key set, it's sent to the Postal Service's
certificate authority where a digital certificate is generated.
That certificate serial number is embedded in
the bar code, and in the event that the Postal Service wants to authenticate the
bar code, authenticate the postage, it can scan the bar code, get the
certificate serial number, and from its certificate authority then get the
public key to read the digital signature, and if the two match, it's able
to read the digital signature, then, you know it was generated by a valid
key.
So, that's the full --
REP. TAUZIN: So, it's an encrypted
system with a private key, with the availability of the Postal Service to use a
public key to authenticate it if necessary.
MR. ENGELBERG: Right.
REP. TAUZIN: All right. Thank you very much.
The
chair will now yield to the gentlelady from California, Ms. Eshoo.
REP. ESHOO: Thank you, Mr. Chairman, and
my thanks to each one of the panelists for your excellent testimony to us.
I'd like to start out with Mr. Pincus. Thank
you, again, for your testimony, for your good work at the Commerce Department on
the international front of this very important issue. My question to you
concerns the section on preemption, and I'm sure you would have guessed that
that's what I would be asking you about, Section 102 of the bill. As you point
out in your testimony, this section would empower the secretary of Commerce to
file an action to enjoin the enforcement of state statutes prohibited by this
act.
I have two questions, first, did the
secretary of Commerce seek this authority, and secondly, what effect do you
believe such a statute would have on state laws addressing electronic
authentication. And then, as a follow up, I would like Mr. Greenwood and
Secretary Upson to also comment on the question, and Mr. Pincus's response.
So, I'm asking you to divvy up the time now
because those are -- that's my question.
Mr. Pincus.
MR. PINCUS: Thank you,
Congresswoman Eshoo.
Well, we certainly didn't
seek this authority cause as I mentioned in response to the Chairman, we're not
sure that the case has been made yet that there is a need for preemption,
although it's always risky. When the Chairman is making a case, you'll sort of
always know that you're --
REP. ESHOO:
But that's what hearings are for so that we can point out the different parts of
the bill, develop consensus, have the strongest one that's going to work well
for the country.
MR. PINCUS: No, I
understand that. And so, we didn't seek that. And I think that to the extent
there is a case for preemption, as I said in my oral statement, it seems to us
that it's a case to create a gap-filler rule until the states enact the
Uniform Electronic Transactions Act because I think everyone agrees, as I said,
that if we could wave a wand and be sure that every state would do that in a
short period of time, then, there would be no problem because that is a very
strong, uniform basis of national law.
So, it
seems to us that that's what we should be doing, and some of the concerns that
are expressed in my written testimony are that this really goes beyond that goal
and could create some continuing question about the preemptive effect of this
measure vis-à-vis any state law, uniform state law that was enacted that could
cause a lot of confusion about what the governing rules are.
REP. ESHOO: Thank you.
MR. GREENWOOD: Thank you.
I tend to agree with Mr. Pincus, and I guess I
would just emphasize one part of it, which is that we really are, I think, at
the cusp of uniform state law in this area. And the NCCUSL, National
Conference of Commissioners on Uniform State Law is almost at the end of a
multi-year process of developing the Uniform Electronic Transactions Act. I feel
like I've been privileged to be at almost all of their drafting meetings, and
it's quite an incredible process to see them go through so many areas of
interrelated areas of state law and common law, and get down to the fundamental
interests that industry has in creating a better legal framework, and make sure
that they're meeting those interests, while also balancing other interests as
well.
REP. ESHOO: Do you think that the
states in developing the model legislation would have that completed within the
two-year deadline that I think the bill establishes?
MR. GREENWOOD: That is going to be one
of the areas that we'll be proffering comments on within our 30 days. The
two-year time limit, in our view, is somewhat problematic. The preemption
balance is going to be the most delicate one in a measure like this, and a key
criteria is that it allows jurisdiction to revert back to the states as part of
our comprehensive commercial code, and commercial law, and Uniform Electronic
Transaction Act process. That may happen. We have some states that are not even
going to be in session and have legislative sessions every other year -- Texas,
and some others, for example.
And the other
issue of this is we're talking about an area of law, which is going to be
evolving over many, many years. The markets will evolve. Technologies will
evolve. Things will come up. And so long as you have states around, and so long
as we have these legislatures, and we have other interrelated areas of law,
we're going to need the flexibility to maintain the jurisdiction, and in a
sense, the sovereignty to continue to discharge those duties to make sure those
laws are appropriate in responding to these changing conditions in two years, in
20 years, hopefully, in 200 years.
REP. ESHOO: Secretary Upson.
MR. UPSON:
It's an interesting question. I would just comment that I think what the statute
does, or at least what I understand to be attempted here is that uniform
standard of recognition across the country that we recognize an electronic
signature is in the interest of the citizens of every state. And we have,
of course, it's a little moot for Virginia, we've got our -- we're in place. So,
we'll be within the two years.
Part of me thinks as to speak as a consumer, I hope that the states would have that in
place within two years. For the ease, the ability to do the kinds of
transactions that are multi-state in terms of insurance, buying a car,
registering with a financial institution, anything, I'm not sure that -- I'm not
so sure that in Internet speed that our society is moving at that it will --
maybe I'm an optimist -- will even be an issue in two years. I think that, I
hope that the national standard, itself, is in place that this law establishes.
I would feel differently if there was a
prescription for how we do it as opposed that there's a recognition that an
electronic signature is binding. And I think that's the significant part.
So --
REP. ESHOO: I don't think the
committee has ever in any of its legislation prescribed to a certain technology.
I don't think that's for the Congress to do.
MR. UPSON: No, I understand that.
REP. ESHOO: So, we agree with you there. The area that I'm pursuing, as
you clearly understand, is how we marry the test kitchens, as it were, of the
states, and not dampen their creativity, developing something that's timely
across the nation, but not trample on one another. And that's the area that I'm
asking you about. I'm not so sure what your answer is.
MR. UPSON: I guess I don't consider the
-- I don't see the trampling in the legislation. I don't as a --
REP. ESHOO: Do you believe the states
are being respected, that if they don't come up with something in two years that
the bill would impose --
MR. UPSON: I,
frankly, can't -- well, I would hope that the states within two years would have
it in place. I just think that in two years, we'll be so far along with
electronic commerce. But I think it's important that --
REP. ESHOO: But this is electronic
signatures we're talking about though.
MR. UPSON: Right. Well, the electronic signatures are an integral
to it, so --
REP. ESHOO: You are doing
your best to give me an answer, and to be very respectful of Chairman Bliley,
and I appreciate that.
MR. PINCUS:
Congressman, can I underline one thing that Mr. Greenwood said because I think
it's important.
One of the problems of the
two-year period is if 10 years from now, and this frequently happens with
uniform laws. There's an update that's done. I think the way that this is
written because of changes in technology or things we can't even anticipate, I
think the way this is currently drafted, it would prevent the states from coming
back with another uniform law that updated the first one. And I think that's
what he was getting at, which is a -- because it has this continuing preemptive
effect.
REP. ESHOO: Well, I appreciate
the comments that you've made, each one of you. And I think, Mr. Chairman, it is
a section of the bill that I think needs some dressing up.
I yield back.
REP. TAUZIN: Thank the gentlelady.
The
chair now recognizes the gentleman, Mr. Shimkus, for a round of questions.
REP. JOHN SHIMKUS: Thank you, Mr.
Chairman.
I want to first direct my question to
Mr. Engelberg, based upon your response. You saw us all chuckling. Encryption is
part of this issue, but we've also got another big issue before us on
encryption. I guess the question I want to ask first is our issue addressing the
ease of export controls for encryption products. What is the role of that in
your perspective and I'll just ask for your comments.
MR. ENGELBERG: Well, as a company,
Stamps.com doesn't have a sort of formal position on export controls of
encryption. We are working with international postal authorities to try to
achieve an international standard, along with the US Postal Service, for digital
signature, for the two-dimensional barcode so that this form of postage
can be recognized worldwide. Right now it's restricted for domestic use.
REP. SHIMKUS: And why is it restricted
for domestic use?
MR. ENGELBERG: It's
both internal US Postal Service -- well, there's a bunch of reasons. It's mostly
a Postal Service decision, but international postal authorities don't yet have
the ability to recognize that type of postage.
REP. SHIMKUS: Does it depend in any amount on our encryption policy?
MR. ENGELBERG: I don't believe so, but I
would want to investigate that further and provide a written response.
REP. SHIMKUS: Also address, because you
talked about public access and private access of keys, which of course is the
perception on your end as far as no fraud and the ability to have access to both
public and private. Is that a concern; is it not a concern?
MR. ENGELBERG: In our system, the keys
that are used to generate the postage are not actually in the hands of the user.
They're always maintained on our servers and when a user logs in and is
authenticated through a proprietary authentication process, the keys that are
used to generate postage for their unique account, for their meter, are pulled
from a database and are used within the boundary of a highly secure
cryptographic device, cryptographic environment.
One of the concerns that I highlighted in my
written statement was that that private key in the hands of somebody who doesn't
know how to use it can be dangerous, in that somebody can get a hold of your
private key and begin signing things and it's non-repudiable. And so one of the
reasons that we hold onto the keys that are used to sign them.
REP. SHIMKUS: Is it more possible in an
encryption environment where we have limited access to -- well actually this is
an export issue so I don't want to go there.
Let me follow up. What if there is an issue on mail fraud and the government, I
guess Department of the Treasury would want to address that. How would they get
access to a key to follow information, or would they?
MR. ENGELBERG: Well, one of the major
motivations for this system is actually was to combat mail fraud. Traditional
postage meters are susceptible to fraud, you crack into them and literally roll
back the meters and so this is a way of stepping up the security of evidence of
postage. With regard to which government agency would sort of conduct an audit,
right now that exists within the Postal Service and the way they would do it is
by scanning any individual mail keys and checking the validity of the digital
signature using a Postal Service certificate authority, which the Postal
Service runs.
REP. SHIMKUS: Okay and then
I think I still have some time so I'll go to Mr. Skogen from Ford Motor Company.
Would you please outline a few components of the transaction costs your company
may incur if it's faced with 49 different state electronic signature
laws? I don't know why it's 49. I don't know why 50 different signature
laws is possible.
MR. SKOGEN: Maybe I
can respond to that from a little bit different side and maybe look at some of
the things that we're looking at in doing today on the Internet that I think
could be affected by it.
For instance, we have,
or I see several opportunities or several applications for the Internet that
we've already launched. For instance, company to dealer communications through a
dealer Internet Web site which enables us to communicate faster on a more timely
basis from one central location. And some of the things that we would like to do
on that Web site are going to require some type of electronic signature.
Ford Credit offers customer account access online, which it provides 24 hours,
seven days a week account access for customers, secure account access and today
we have roughly 170,000 Ford Credit customers that are using it on a monthly
basis.
Our purchasing organization is analyzing
warranty repairs via the Internet along with our suppliers. They're pursuing a
paperless purchasing process, which includes non-production purchases of several
billion dollars a year and on the Ford supplier side Ford has a Ford supplier
network which they can access through the Web which today offers information and
communications facilitating the engineering process, along with online training.
But everything that I've mentioned provide additional efficiency and convenience
but would be more efficient with electronic signatures and more secure.
REP. SHIMKUS: And much more difficult if
you had to comply with 49, 50 different encryption possibilities.
MR. SKOGEN: Yeah, that's true. I guess
since whatever advances e-commerce the quickest, whether we get it from the
states or whether we get it from the federal government it has to be uniform and
has to be soon.
REP. SHIMKUS: Mr.
Chairman, I yield back.
Thank you.
REP. TAUZIN: Thank the gentleman.
The chair now recognizes the gentleman from
Tennessee, Mr. Gordon.
REP. GORDON:
Thank you, Mr. Chairman and let me once again thank you for your tolerance in
allowing a little flexibility here today.
As I
had mentioned earlier, last year the House passed the Government Paperwork
Reduction Act and I have introduced legislation to try to bring that to a head.
That Act required that by the Year 2002, the various federal agencies would be
able to communicate with electronic signatures and with you know with
their constituents. But it's really set up no guidance and you could wind up
getting into a situation where because of interoperability within an agency or
between agencies, you could have even a more difficult time trying to
communicate than before.
So what our
signature legislation does it sets up or dictates or directs NIST, which
is the National Institute of Standards and Technology, to establish some minimum
technology-neutral standards so that the different agencies will be able to buy
off the shelf products and have interoperability. That was the objective. I have
vetted it extensively with the private sector and on all on a positive basis, if
anything they say goes beyond this in having authentication for you know beyond
just electronic signatures. And I've tried to make this available to all
of you. I don't know whether it's worked its way up through the food chain or
not.
I'm going to break the cardinal rule of a
lawyer and ask a question that I don't know the answer to and I'll start with
Mr. Pincus and just -- the ones of you that have had an opportunity to review
this any kind of feedback that you might give please.
MR. PINCUS: Certainly, Congressman
Gordon. Let me say first of all, maybe a little parochially, we're very proud of
NIST at the Commerce Department and its expertise in the computer area among
many other areas and we think it does have a role to play. I think our questions
involve how this legislation would interact with last year's and making sure
that -- because last year's legislation is working.
Agencies are moving forward with the process of
putting, moving online, adopting authentication methods that work for whatever
their particular interaction with their customers or constituents is and I think
we'd be interested in working with you to provide a way so that agencies, as Mr.
Upson said, have access to the resources so they know what's out there in the
marketplace. Where we get concerned is the idea that there can be a sort of a
one and fostering interoperability to the extent possible. But the problem in
the government, just like in the private sector is different kinds of
authentication and different levels of security may be appropriate for different
kinds of government, non-government interactions and so we're leery of an
approach that there can be sort of one digital signature that you get for
all your interactions with government because that's not how the agencies are
going just because their, as I said, their missions and their various
interactions may require different levels of security, depending obviously very
high for Treasury and that its dealings with financial institutions, may be
much lower, if it's just filing a form, an informational form, that doesn't
carry the same consequences, if things are mislaid. So I think that's -- my
reaction is we'd, obviously, be very happy to work with you in moving this
forward, but I think with that, sort of, overall --
REP. GORDON: Well, our objective is not
to look for one standard. Our objective is just to, again, allow minimum
standard. I know that at home we had a -- when our -- we've got 95 counties in
Tennessee and we sometime back tried to get them all to take their election
commissions and get them computerized. Well, each election commission pool got
the cheapest thing they could find. There's no interaction between them and
we're having to start all over and so there are a number of, I'm sure, good
products there. What we want is the agencies to know which ones can be
interoperable, which ones and where you go out on the shelf and purchase those.
Anyone else?
MR. PINCUS: As I said, on the off the shelf point, we're very focused on
the idea that we shouldn't be looking to create special products or technologies
for government and that what we should -- what government agencies should be
doing is look what's out there in the marketplace and pick something that works
for them.
REP. GORDON: Trying to keep
within our time, anyone else just have a --
MR. UPSON: Just a quick observation. I'm not real familiar with the
legislation, but as you describe it, there also is under the Information
Technology Management Reform Act Congress created and the President signed, a
chief information officer apparatus, where you've got the agencies with the
knowledgeable people and they have -- I forgot what their mechanism is in that
bill, but they meet regularly, as you know.
REP. GORDON: I think it's the OMB.
MR. UPSON: Yes and each agency has a representative and that might be --
REP. GORDON: We're trying to work with
them to, again, to find that continuity.
Yes,
sir.
MR. SIEDLARZ: Congressman Gordon,
one other quick response, one to make you aware of the fact that there's a
significant movement within the industry to find application program interface
standards that all companies and all technologies can meet, up to a certain
line, for that kind of handshake that would make them interoperable. One of the
most significant ones is an organization, ad hoc organization called BioAPI.
But most of the major computer manufacturers as well as significant participants
from the biometric industry are involved in the development of those standards
and I think before the government steps in and attempts to adopt the standard,
even a common denominator one, which I think is admirable, I think the product
of those industry groups would be useful first.
REP. GORDON: If you would, if you could provide me with the name of that
organization and how to contact them, that would be helpful.
MR. SIEDLARZ: I will. I'd be happy to do
that.
REP. GORDON: Thank you.
MR. GREENWOOD: If I may take a stab? I
had an opportunity to review the legislation and one of the sections of it that
I thought held a lot of promise to be assistive was the panel, which I think was
the last section. A number of states, of course, have been struggling with the
same question. How do we organize? How do we standardize? How do we assure
interoperability among our usages of electronic authentication, in particular
the usages of certificate authorities and certificates and digital
signatures?
I'd be happy to make
available to the committee in part in response to your question dropped
guidelines document, which we came up with collaboratively with, actually with
some federal agencies, but mostly with private sector entities through the
National Automated Clearinghouse Association. Something called the certificate
authority rating and trust guidelines and we opted, in the end of the day, for
not central standards from any given organization or even consortium of
organizations, but rather at this stage, since we are in still an early phase of
development of the technology and the business models supporting this
technology, we opted to give some guidelines for bottom up standards through
watching best practices emerge, contracts and operating rules, things of that
nature.
And the only other observation I make
on the bill, which maybe, should deserve some more review, is it does seem to
have an underlying assumption that the usage of certificates will be part of a
trusted third party certificate authority model. And our review of this in this
CARAT document in the natural organization seem to indicate that the business
models are developing more in line with a so-called closed system or bounded
system, where the people or the organization issuing the certificates for use,
is actually one of the two parties themselves. So it may be, you know, your bank
is issuing you a certificate. It's not some third party certificate authority,
so that's something that might bear some more analysis in your --
REP. GORDON: Yeah, I think within the
federal government, you're going to be dealing with constituents more than
business, so we have some business to business, but there'll also be some
individuals that won't have that sort of in house ability.
MR. SKOGEN: I would like to just make
one quick comment here. We see HR 1714 as the first step in establishing
acceptance in the electronic signatures nationwide and we do support
anything that advances uniform standards, such as HR 1572. I mean, if the
federal government can be used as a model for widespread usage, I think that's
great, but we think the industry-based standards for certification authorities
would be better for business.
REP. GORDON: Thank you, Mr. Chairman.
REP. TAUZIN: I thank the gentleman.
The Chair is
now pleased to recognize the gentleman from Oklahoma, in e-commerce jargon, may
not have been much of a sender, but was one hell of a receiver, Mr. Largent.
REP. LARGENT: Thank you, Mr. Chairman.
Mr. Pincus, being at the Commerce Committee,
can you give us any idea of what the number is in terms of dollars that's being
conducted today, e-commerce in this country?
MR. PINCUS: In my written testimony, I have some numbers that -- they're
really -- the projections are overtaken when we get to reality and so the
projections go up another notch. We're now -- the forecasts that we're hearing
are that online retail sales will be about $40 billion by 2002 and that all
e-commerce activity, including business to business, which is obviously a much
larger amount, could be up to $1.3 trillion in around that time frame, 2002,
2003.
REP. LARGENT: What would you
estimate that it is in 1999?
MR. PINCUS:
I think in 1999 with the online that sort of Christmas retailing was in the
seven to $9 billion range and I think the -- I'm not sure what the number is for
online business to business that we've -- it's many multiples of that. The
business community is -- business to business transactions are moving ahead much
quicker than retailing.
REP. LARGENT: So
are you -- $12 billion (dollars), $20 billion (dollars)?
MR. PINCUS: I think, maybe, in the upper
range of around $100 billion (dollars) range.
REP. LARGENT: A hundred billion? That's all electronic commerce. I'm
trying to compare your numbers, 2002, you said, $40 billion (dollars).
MR. PINCUS: No, $100 billion (dollars)
for the -- but the all in number was $1.3 trillion (dollars).
REP. LARGENT: Well, okay, that's what I
-- okay, so $100 billion (dollars) and we're anticipating that grow by 12 fold
in 2002.
MR. PINCUS: I think the growth
rates are very high.
REP. LARGENT: Okay.
Do we have any idea what kind of abuse is taking place today because of the lack
of verifiable or uniform signature electronic signature laws in
this country? I mean, how much people stealing VISA card numbers and so forth?
What kind of abuse is taking place today?
MR. PINCUS: I don't think we know, but I actually think to separate
signatures and payment mechanisms, even if we had a signature law,
even if the Uniform Electronic Transactions Act were enacted today, that still
wouldn't provide a means of paying for it and I think in the foreseeable future
for consumer transactions there is electronic money and things that are off a
bit. I think people anticipate that credit cards are going to be the method of
payment for consumer transactions in the near and medium term and the credit
card companies themselves have been developing some kinds of security mechanisms
to be sure that credit card numbers aren't misused.
But you know as some people have pointed out,
if you give someone your credit card in the restaurant, it passes through a lot
of people's hands and the opportunity of people, if they have a fraudulent frame
of mind to get the number and misuse it, is not that different from some
electronic person catching it. That person, if they get into the stream, can
obviously catch a lot more numbers and may have bigger opportunity for fraud,
but I think the credit card companies are very focused on that since they bear
the burden of that fraud and figuring out ways to prevent it.
REP. LARGENT: Do you hear from the
states very often in terms of the dollars that are conducted through electronic
commerce that escape state taxation or even the city and municipality?
MR. PINCUS: I'm privileged to be
Secretary Daley's representative on the Internet Tax Commission, so in preparing
for the first meeting of that commission, which is going to take place in
Williamsburg on the 21st and 22nd, I've been hearing a lot of information from
states and localities about their concern that there may not be a tax collection
mechanism and what that might mean for their revenue base.
REP. LARGENT: Yeah, so I mean I'm asking
that question and kind of, because one of the issues is states in moving forward
with their own legislation on electronic signature. I mean, would the
fact that they're losing taxes because of electronic commerce be sort of a cold
blanket on them wanting to move forward expeditiously within a two-year window
or whatever on doing something themselves? Do you understand what I'm saying?
MR. PINCUS: I understand what you're
saying.
I guess I haven't heard that. I think
because of the economic growth potential of electronic commerce for our country
and for each state, I think there's much more of a policy and maybe political
imperative for states to do things that facilitates the growth of electronic
commerce even it may as you say, if this other issue isn't solved, have an
adverse revenue effect on them. I think what we've heard is much more of an
interest in doing things to help e-commerce grow and then figuring out a way to
deal with this tax issue.
REP. LARGENT:
Yeah, that's what I hear too is that it does flow both ways. In other words, you
know you can open up your own electronic shop in your state and have people
buying products from your state as well. So, you know, Siedlarz, I wanted to
just ask you a little about your company and how that works. I mean what would I
have to have on my laptop in order to do that iris deal? Everything that I need,
do I have it on my laptop right now?
MR. SIEDLARZ: Pretty much, except the only other peripheral that you need
Congressman is a small imager, a camera that sends either the iris code itself
or the image for processing to the laptop. And resident software on the laptop
that would do the processing and comparison.
REP. LARGENT: And does that have to have that broad band, high speed
Internet?
MR. SIEDLARZ: Well, it doesn't
there are two different versions of it that we're working now. One, it can send
the very low band with four to six frames a second. Another version sends 30
frames a second, but you're doing the processing in the imager. So, it depends
on where you're doing the processing.
REP. LARGENT: Yeah, Mr. Engelberg, my last question is to you. You were
explaining a little bit about your electronic signature on your envelope.
And I have to tell you that I honestly didn't understand one word you said. Can
you kind of just tell me what business are you in; I mean what the heck do you
do with this stamps.com? I don't have a clue. I mean who are your consumers, I
mean you just work with the general public, I mean what would I buy from you? Or
what's your business?
MR. ENGELBERG: Um,
our service is designed to provide postal convenience. We basically replace the
postage meter and we make it possible for you to print postage off of your
desktop printer using your laptop with nothing on it, you know, 24 hours a day,
seven days a week. And you know we do it with a system because we've got the
keys on our servers generate digital signatures to make each stamp
unique. And there's a digital signature in every box, in every stamp.
REP. LARGENT: And the Postal Service has
to read that digital signature?
MR. SIEDLARZ: The Postal Service can read it to audit the process, to determine
the authenticity of the staff. And when they read the bar code, they can pull up
the digital signature and it can validate that with the public key that
they have on their certificate authority.
REP. LARGENT: Okay, I've got you now.
MR. SIEDLARZ: I'll stop there.
REP. LARGENT: All right, -- (laughter) --, thank you. Yeah, don't give me too
much information.
Thank you, Mr. Chairman. I
yield back.
REP. TAUZIN: Otherwise he
might go postal on us.
(Laughter.)
REP. TAUZIN: Thank you, Mr. Largent.
The Chair is pleased to recognize gentleman Mr.
Sawyer for a round of questions.
REP. SAWYER: Thank you, Mr. Chairman.
Every time
we talk about electronic environment, one of the things that I try to do is to
think back to the fundamental underpinnings of any process of law that might
have proceeded. The environment that we're working in and to recognize that many
of the protections that were offered, that are offered in conventional
environments really ought to apply in a more technological one.
Today we've been talking about interoperability
and verification of signatures. And we've touched a little bit on
sanctions, but I'm struck by the Virginia precept that suggests that where any
Virginia requires a signature provides for certain consequences in the
absences of a signature was satisfied by an electronic signature.
I would really like to ask you talk a little
bit about sanctions for falsification or failure to perform as agreed over a
legitimate signature at both ends of a transaction. I'm particularly
interested in the use of federal law enforcement standards. We've talked about
postal standards, but I'm not sure about pro-postal fraud. Everything from
bouncing checks to IRS in the way that has been used for enforcement.
So, what I'd like ask each of you to do is
thinking in terms of both in a multi state and transnational settings. Are there
special places that we ought to look for pitfalls that are unique to this
environment in terms of enforceability and comfort levels with sanctions and
guarantees of privacy and security that are unique to this environment? It seems
to me that if trust is at the core of a signature that that becomes
particularly important when we're not only talking about the environment and
electronic. But the playing field both multi state and transitional.
Mr. Pincus, Mr. Upson and so forth -- I think
--
MR. PINCUS: Hmm-mm.
REP. SAWYER: Special pitfalls that we
need to look out for.
MR. PINCUS: Well,
I think one you mentioned is certainly privacy and you know we've taken the
position that we should look for the private sector to lead the way on privacy
protection. And certainly one thing that we believe is important is that
authentication providers have good privacy practices, privacy practices that are
up to the level of the good online privacy practice that we've talked about
elsewhere. And I think most of them do. And that's clearly important because it
is possible with some forms of authentication at least, that the authentication
provider would have a lot of information about an individual's transaction that
that individual might not want to be sold or at least would want to have to
exercise a choice about whether that could be marketed or mined by data miners
and things like that.
So, certainly we think
that that's something that is a good practice. We haven't advocated government
solutions to that because we think the private sector is moving to it. But I
think that's something that's right.
I think as
a general matter, although, the technology is very different and in some context
it may be inappropriate as we have in the physical world to have special
protections. We do have general commercial contracting rules and then we have
special consumer protection rules unconscionably and things like that that apply
to consumer contracts. And you certainly want to be sure that those things
applied in cyberspace as well.
There are some
kinds of contracts in the physical world with respect to which we require
special formalities, wheels for example. And one would certainly want to provide
that that is also true to the extent that there even will be electronic
contracting, that it be a form of authentication in that context that has
special assurance because we insist on that in the physical world. I think, as
of now, we don't see the need for a different, other --
REP. SAWYER: I don't want to run out of
time.
MR. PINCUS: I'm sorry, other than
translating those appropriately, we don't see the need for some special overall
new rules in electronic contracting because we're concerned about how that might
tilt the market.
REP. SAWYER: Mr. Upson,
would you be comfortable enforcing Virginia's laws based on signature in
a multi state or transnational setting based on the kinds of protections that
you have available.
MR. UPSON: Well I
guess I would look at it from this perspective. I think what we've tried to in
Virginia is not create any new laws necessarily except that there's something
like unsolicited bulk e-mail where we have a unique statute.
But really if it's fraud in the non-electronic
world, it's fraud in the electronic world. And we have tried to ensure that our
statutes do exactly what Mr. Pincus said is insure that statutes recognize that
that fraud is fraud. And if you falsify information electronically once that's
recognized, it's a crime. The enforceability of that gets to we actually have a
program to train recommendation, to train law enforcement professionals in cyber
crime, I guess is the way to look at it.
But
really, we try to say our whole premise is and I think it's your too in this
legislation in a number things you've done is that crimes are crimes whether
they occur electronically or not. I'm also a believer --
REP. SAWYER: I agree with that. I'm
looking for special circumstances that we ought to be --
(Cross talk.)
MR. UPSON: And we've attacked it and we've created a cause of action
because there are companies that engage in spam as a matter of business and pay
fines that are set up. And we've made it very expensive now in Virginia, very
expensive cost of doing business. And that's a unique to the Internet.
REP. SAWYER: Mr. Skogen.
MR. SKOGEN: Yeah, I'm really not the
right person to respond to that question, but would be happy to get back to you.
REP. SAWYER: Sure.
MR. GREENWOOD: In Massachusetts one of
the first things that the Weld administration did in the early '90s was to
create a computer crime commission, which analyzed our entire body of statutory
and common law crimes to see whether they were adequate for even what we were
seeing then as our emergence into an information age. And I think that their
results at that time really still hold true today, which is largely that our
existing body of laws were adequate to handle the types of crimes and fraud, and
other misdeeds that we saw developing, and with the exception that we have to
keep asking the question.
So, our approach is
to remain on the lookout and to continue to have hearings like this and continue
to ask and make targeted reforms as needed. We ended up making a larceny. I
think we clarified a couple of things to just make it painfully obvious for our
prosecutors as they made the case that, you know, larceny includes electronic
property and so forth. So, we made a couple of small tweaks, arguably not even
necessary.
REP. SAWYER: Others?
Thank you, Mr. Chairman.
REP. TAUZIN: Thank you.
The Chair's now pleased to recognize the
gentleman from Illinois, Mr. Rush for a round of questions.
REP. BOBBY RUSH (D-IL): Thank you, Mr.
Chairman.
Mr. Chairman, I want to also commend
you for your patience and commend the witnesses for their patience. I know this
has been quite a long hearing, and I just have a couple of questions for Mr.
Siedlarz.
This technology to verify someone's
identity through their physical characteristics is pretty fascinating to me, and
I'm sure to others. And you can accomplish this through the use of computers and
other enrolled data. Is that it?
MR. SIEDLARZ: There's a broad range of technologies, Mr. Congressman, that do
that. Yes. In fact, maybe some 115 different versions of it are available today
in the world.
REP. RUSH: Well, who would
take advantage of this type of technology?
MR. SIEDLARZ: Well, you know, that question somewhat talks to the
previous one from the Congressman about the issue of what we should be concerned
about. I mean, the truth of the matter is that the new technology today has the
capability of verifying an individual in a much more positive way than the
previous signature, the human signature ever did.
And to the degree that the federal law is not
comprehensive enough to protect those who would attempt to steal and to
counterfeit even the electronic version of that today, then, we need to do
something about that. But as to who would do it, as the business on the Internet
increases, and e-commerce increases, clearly, the threats against the electronic
means of using technology to improve identity verification and authentication
are going to come under a more serious attack, and anything made by man will
ultimately be defeated by others.
REP. RUSH: Is this technology aimed at a particular narrow group of people or is
it pretty --
MR. SIEDLARZ: No, it's the
best biometrics, and I have to qualify it by saying that the best biometrics
are, their whole purpose is to be absolutely useful to the general population to
the degree that segments of the population would not be available, then the
technology would be inherently flawed for use in electronic commerce.
REP. RUSH: Okay, when you indicated that
you can verify someone's identification through the pupil of the eye --
MR. SIEDLARZ: The iris of the eye.
Mmm-hmm.
REP. RUSH: Are you going to
have that information -- I mean, how would you gather that and collect --
MR. SIEDLARZ: That's a good question.
The way -- so, fundamentally, the image of the eye is taken and it is
immediately converted into a digital code. Then, that's translated through a
relatively sophisticated process into what we call an iris code and stored in
the computer as 512 bytes of information. There is no way that if you take that
hexadecimal code of 512 bytes that you could recreate the iris or recreate
anything that looks like that original image.
That information is essentially absolutely useless to anyone other than the
system on crossing a firewall and leaking that image to an identity code. And
even the new IBIA as an organization has taken a very strong stand in being
proactive and privacy, and the ethics of privacy, and the use of rules
maintaining privacy within the biometrics industry.
REP. RUSH: So, how would you collect it
though? How would you collect it?
MR. SIEDLARZ: Oh, enrollment, well, you know, you look at a camera, and the code
is created in a matter of seconds. --
(Cross talk.)
REP. RUSH: Do you have Americans,
I mean, consumers just lined up?
MR. SIEDLARZ: A voluntary situation, exactly. I mean, there are tests going on
now, pilots in banks, both in Europe and in the United States and elsewhere
where people voluntarily submit to enrollment to get a picture taken essentially
using camcorder technology and to have that code created because it gives them a
great convenience, and it protects their accounts, and frankly, protects their
privacy in ways that it never did before.
REP. RUSH: So, and this is my last question, are we approaching a date
when there will be a national or an international database of pupils on file?
MR. SIEDLARZ: Well, some of us might
wish so from a business standpoint, but I don't think practically that any one
technology is going to capture the world market or the world use. We think that
some are better than others, but the issue of interoperability is really what
is important here is that whatever one you use that there's a way to speak to
each other ultimately and serve the purpose that we need in society.
REP. RUSH: Thank you.
I yield back, Mr. Chairman.
REP. TAUZIN: Thank you, Mr. Rush. I
think it's fair to say that before you have a contract, you have to see eye to
eye anyhow.
(Laughter.)
It will all work out somewhere.
I apologize.
The Chair is now pleased to welcome the very patient lady from Missouri, Ms.
McCarthy.
REP. KAREN MCCARTHY (D-MO): I
thank you, Mr. Chairman, for this hearing and your foresight.
And would like to remark, and follow up to Mr.
Rush's comment on international, and your thoughts that last October I was
sitting in the Dublin, Ireland, silicon valley area, in the Gateway facility
there observing Prime Minister Ahern and President Clinton sign from their
laptops with their secure IDs and virtually sign a trade agreement. And so,
there are huge international uses already of this technology of the virtual
signature.
And Mr. Chairman, the
President noted that, you know, while he's somewhat new to the technology, that
this virtual signature could potentially lead to a virtual president, and
thought that we ought to probably debate larger philosophical questions while we
grapple with the practical issues today of state and federal authority. We are
really -- it's almost like being at the top of a really snowy hill and the
toboggan's heading down there, and you know it will be a great ride, but you're
not on it, and you're running after it. I feel a little bit breathless about
this whole conversation because it's happening, and we're today trying to
grapple with how do we do this well so that it happens with the safety and
security that we all seek.
With that in mind,
and I must confess to the panelists, I'm a product of state government, 18 years
in the Missouri legislature before joining this august body. So, the question of
preemption of any state law is real to me because my state in Missouri in 1988
did pass the Digital Signatures Act that our secretary of state is
implementing. It is modeled after Utah law, and I know a lot of states are
grappling with this.
So, in this issue of state
preemption, HR 1714 would preempt any state law that is not consistent with the
bill even if the state law is passed within the two years, that the National
Conference of Commissioners is working in, as well as any laws that are already
on the books like my state of Missouri.
Do you
believe that there is any risk that the uniform law that you are contemplating
could be construed as inconsistent with HR 1714 and thereby renders this entire
effort, this intensive effort invalid? I know my state will have to reflect on
this current law and look to the commission's work and adopt and make changes.
But what if the commission's work, if we pass this law, HR 1714, what if the
commission's work is invalid?
Could Mr.
Greenwood, could you reflect on that, and I would love to weigh in on anyone
else's thoughts?
MR. GREENWOOD: Yes,
thank you very much for the questions.
It's
very gratifying to see an alum from the state legislature of so many years in
this august body.
I think that your concerns
are really right on. There's clearly a need, on the one hand, to get a national
baseline soon. However, that cannot rule to the exclusion of an equally
important need not to unduly disrupt these areas of state law and the emerging
state law. And I think to zero in on your specific question, one of the areas
that ought to be looked at as this bill is honed through the process is Section
102, B1 and B2. There are several areas, but specifically, let's talk about B1
for the moment.
It would require that a state
law that's enacted to basically revert the jurisdiction back to the states
within this period of time must meet this requirement that it not discriminate
in favor or against a specific technology, method, or technique of creating,
storing, generating, receiving, communicating, or authenticating electronic
records or electronic signatures. Well that sounds good in the sense that
it's technology neutral, which is what we want. And I do believe the Uniform
Electronic Transaction Act, which we're talking about now primarily is largely
technology neutral. However, in the particular implementation of many
particularly areas of law, you do have to start talking about specific
technologies in a consumer stands for example as we start amending our lemon
laws to allow people to buy their cars at home.
Right now, most states have well, Massachusetts I'll speak for. We have a
requirement that there be a disclaimer of various warranties and other notices
placed on the windshield and that's a paper requirement. And it's based on a
known business model where a consumer goes into the lot, they see the notice and
so forth and it's a media specific requirement. As we start transforming our
business models to allow these things to occur online when you don't have a
consumer walking onto a lot and looking a windshield necessarily before they
make a decision. At some point, we're going to have to say something, some sort
of equivalent language like must appear on a screen or something. Similarly,
with securities regulation and many other areas of law banking and on and on
down the line where there's consumer protections or other media specific
protections for notices and conspicuous terms and so forth in place.
At some point the state legislatures and
lawmakers at every level of government will have to come up with a equivalent
types of standards. That is by definition, I guess you could say discriminating
in favor of or against a particular implementation. The trick here is going to
be making sure that you allow us to responsibly apply the same kinds of
jurisdiction that we have over commerce in other areas of law now in the
information age without having an inconsistent or an undue impediment to
interstate commerce. And I think that'll be the trick.
REP. MCCARTHY: Mr. Chairman, would you
indulge me in a follow up question?
I'd like
and I thank you very much for those thoughts because I think are right on point.
MR. GREENWOOD: Thank you.
REP. MCCARTHY: Um, I'd like to know from
Mr. Skogen and Curtis and Siedlarz, if your industry has been involved in the
drafting of the uniform model code?
MR. GREENWOOD: Uh, no, we have not.
REP. MCCARTHY: Mr. Skogen.
Oh, yes, go ahead,
Mr. Siedlarz.
MR. SIEDLARZ: Same answer.
REP. MCCARTHY: You have not.
Mr. Skogen.
MR. SKOGEN: Yeah, apparently we do in fact have state representatives
that have been involved.
REP. MCCARTHY:
Okay, well Mr. Pincus, are you concerned that your efforts in this area could be
for naught if the model is effectively preempted?
MR. PINCUS: Well, we have concern as I said earlier and laid out in my
written testimony that we not do anything that would lead to controversy about
whether the UETA wants it as enacted by the states provides the governing law.
And there not be a lot of controversy about whether its provisions preempted
because obviously that creates the very uncertainty that everyone's trying to
undo. So, that's why in our view to the extent there is to be any intervening
federal law, the best way to design something would be as an interim sort of gap
filler until the states adopt the UETA and then the federal law would fade away.
And it would be literally would just exist to fill that gap to the extent that
the subcommittee decided that there was a gap that needed to be filled, but not
be a continuing federal overlay on the state law that's eventually adopted.
REP. MCCARTHY: Well, I think that makes
a great deal of sense. In fact, there is language in House Resolution 1320 that
I think attempts to achieve what you just articulated with regard to this issue
of preemption. And I would hope that this subcommittee would take a look at this
particular point. I know Mr. Chairman, others before me have raised concern that
when we enter this arena, we do so with the most study. And the most well chosen
words so that we don't find out at the end of the process that all was for naught
and we're back to square one because this technology is taking off without us
like that to bogging down that snowy hill.
Mr.
Pincus, you expressed concern about the bill's provisions requiring electronic
signatures to meet reasonable requirements in your testimony that I have
before me. And I think that that's appropriate. How might this provision lead to
problems in the interpretation that covers the impact of the viability of the
model code or the model bill?
MR. PINCUS: Well, as I mentioned for the real model of authentication that
businesses are using now are these closed systems that are set contractually in
which people pick whatever authentication regime works for the level of business
and level of security they need. And our position and it's also a position
that's been adopted by the drafters of the model law is that those agreements
should be enforced and therefore if that authentication method is used
subsequently, those contracts are legally binding.
Our concern is that the use of the word
reasonable would provide a basis for a judge to say well I don't like the
authentication method that these parties chose for their transactions and so
none of them are legally enforceable. And especially internationally where there
will different domestic legal regimes, the contractual method is going to be the
way we think that cross border transactions will be facilitated. And we don't
want to have a US model that has judicial second-guessing because obviously that
would then be adopted by other countries.
REP. MCCARTHY: Well, I appreciate your involvement in this process. I
understand the National Governor's Association is engaged in it as well with the
national conference. I would hope the national conference of state legislatures
would be included because an awful lot of these states have measures already
enacted. And, you know, it's imperative that those voices be at the table as
well.
Mr. Chairman, you have been so gracious
and kind and I thank you for extending this time for me.
REP. TAUZIN: I beg to differ. I've never
met anyone more gracious than you Ms. McCarthy and I thank you for that.
Let me thank you all in fact for your patience
and your kindness in educating. I've always called this one of the best
universities in America that we attend Ms. McCarthy because we have a chance to
do what Mr. Largent did which is to do that again so I can understand it and we
learn. And you've taught us a lot today. And let me point out Ms. McCarthy that
one of the problems we have in this debate, we're going to have over preemption
is the fact that there are a number of states who have adopted digital
signature only and authentication of technology certified by the state
only which runs very counter to the technology neutral concept that is embodied
in this bill. For example, the biometrics concepts of iris identification would
not be allowed in a number of these state jurisdictions because of the fact that
it's not an authentication technology approved by the state. And it's not a
digital signature. Technology is required by the state. So, we're going
to have a little difficulty in working that out. I think the best admonition is
that we do it in a way that sets the national standard, but doesn't preclude
improvements that the uniform code authorities might eventually want to bring to
states. And to the national government in the future as technology continues to
teach us that there are different ways to do things than the way we did it
yesterday.
Let me finally say that it was a
learning lesson for us that some of you ask that we e-mail our invitations to
you to come to this hearing today. And we had to regrettably inform you that we
couldn't do so because we could not authenticate the source of that e-mail and
you might not therefore have been officially invited to attend here today. Next
time, perhaps, and we invite you, we'll have a system in place where we can
communicate with you in this e-commerce world, authenticate who we are. And you
can authenticate your identities to us and we can maybe establish a hearing in
cyberspace where you won't even have to get through the traffic jams in Northern
Virginia as Mr. Upson did to be with us.
Thank
you very much for teaching us today.
The
hearing stands adjourned.
END.