It almost goes without saying: e-procurement is a hot topic. All around the country e-procurement systems at the federal, state and local levels are being built to improve acquisition efficiency.
In that push, however, agency officials find themselves having to take a close look at applicable laws to consider how their systems will work.
A CIO in charge of building a state's new e-procurement system might ask, for example, such questions as these: Can our vendors execute contracts without sophisticated and expensive Public Key Infrastructure (PKI) software? Is it enough that a vendor log in with a username and password, review a contract electronically and then "agree" with a simple click of the mouse? Does that create a valid contract?
The answer to the big question "IS IT LEGAL?" depends of course on what the applicable electronic signature law says. It doesn't help that laws vary both between the federal and state levels and among the various states.
In this installment of our Government Purchasing series, we assess where things stand in electronic signature law. We'll consider federal laws and systems first, followed by a look at the state level.
Definitions: "Electronic" vs. "Digital"
Let's begin with two basic but important definitions:
"Electronic signature" is a general term that refers to signatures created using a variety of possible cryptographic methods. Signatures often are accomplished through the use of username and passwords, or PIN numbers. "Electronic" signatures are less secure than "digital" in terms user authentication.
"Digital signature" is a more specific term (and a subset of "electronic signature") that refers to signatures created with public key cryptosystems. Signatures are accomplished through Public Key Infrastructure (PKI). With digital signatures there is true authentication that the person signing is who he says he is.
The primary federal and state laws in this area, ESIGN and UETA, are based on the looser "electronic signature" requirement.
Federal Law
ESIGN
President Clinton signed the Electronic Signature in Global and National Commerce Act (ESIGN) on June 30, 2000. The law went into effect October 1, 2000. Under the act, no contract, signature or record can be denied legal effect solely because it's in electronic form.
The law is rather general saying essentially that electronic signatures MAY be used to establish binding contracts. ESIGN also states that a person cannot be REQUIRED to agree to use or accept electronic records or electronic signatures.
Federal agencies, however, represent the one exception to this rule. Section 101(b)(2) states that the act does not obligate any person "other than a governmental agency with respect to a record other than a contract to which it is a party." 15 U.S.C. § 7001(b)(2).
There are two competing interpretations of this key provision. The Office of Management and Budget's says that section 101(b)(2) applies broadly to the entire transaction involving a government contract, including all records relating to the contract. OMB Memorandum for the Heads of Departments and Agencies, Jacob J. Lew, Director, September 25, 2000. Under this interpretation, the "other than" language allows agencies to disallow electronic responses with regard to all procurement documents.
Some legal experts, on the other hand, argue that the rule does not apply to documents in the procurement process that come BEFORE the actual contract -- e.g., contractor requests for clarification, statements of interest, and proposals. E.g., Samelson and Bedwell-Cole, "Will ESIGN Affect Government Contracting Practices?" Contract Management, November 2000. See also "Comparison of E-Sign and Pure UETA," Massachusetts Executive Office for Administration and Finance, IT Division, http://www.state.ma.us/itd/legal/esign-ueta-compare.htm.
Under this interpretation, federal contracting officers could not bar electronic responses except in the case of actual contract execution. Thus a federal agency could not, for example, exclude an offeror from consideration on the grounds that it submitted its proposal electronically.
This second interpretation seems more logical than OMB's. OMB seems to ignore plain language. Section 101(b)(2) refers to a single record -- the contract itself. ("Record" is defined in the act as "information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.") If the drafters had intended that ALL records related to the contract be exempt from the e-signature acceptance requirement, they would have explicitly stated it that way -- for example, language such as, "with respect to records related to a contract to which it is a party," rather than "with respect to a record other than a contract to which it is a party."
But wouldn't this second interpretation put too much of a burden on federal agencies? What about for example a contractor who wants to use second-rate or even ineffective e-signature software in submitting its proposal?
ESIGN has built-in protections designed to address such problems. The act provides that an electronic record may be denied validity if it does not remain accurate and accessible to all persons entitled to the record. 15 U.S.C. § 7001(d). It also allows agencies to impose performance standards to ensure record integrity, accuracy and accessibility. 15 U.S.C. § 7004.
Because the issue (that is, the scope of the procurement document exemption) has yet to be decided by a federal court, we don't know which interpretation is correct. We do know that in practice many federal agencies still insist on receiving paper responses to pre-award announcements. Until a court says otherwise, federal contracting officers can point to OMB's position on the issue for support.
FAR changes
In reality, the issue may never be litigated as electronic signature becomes more widespread under pressure imposed by another law, Section 30 of the Office of Federal Procurement Policy Act. This provision requires that federal procurement organizations implement e-commerce "to the maximum extent that is practicable and cost-effective." 41 U.S.C. 426.
There has been a resulting flurry of Federal Acquisition Regulation (FAR) changes in recent years to support and encourage the use of electronic signatures in federal procurement. Changes include new provisions making it clear that any regulatory language that still smells of old-fashioned paper-based contracting does not tie the hands of federal government contracting officers:
The Federal Government shall use electronic commerce whenever practicable or cost-effective. The use of terms commonly associated with paper transactions (e.g., "copy," "document," "page," "printed," "sealed envelope," and "stamped") shall not be interpreted to restrict the use of electronic commerce. Contracting officers may supplement electronic transactions by using other media to meet the requirements of any contract action governed by the FAR (e.g., transmit hard copy of drawings).
FAR 4.502(a). Traditional FAR definitions have been expanded to include the use of e-commerce and electronic signatures. FAR 2.101. Contract signature requirements for contracting officers and contractors now include a specific authorization to use electronic signatures. FAR 4.101, 4.102.
Furthermore, electronic commerce may be used to issue RFPs and to receive proposals, modifications, and revisions. FAR 15.203(c). And electronic signatures may be used in the production of purchase orders by automated methods. FAR 13.302.
The federal government's acceptance of electronic signatures is not new. As early as 1951, GAO recognized that a signature does not have to be handwritten and that "any symbol adopted as one's signature when affixed with his knowledge and consent is a binding and legal signature." B-104590, 12 September 1951. In a 1991, decision the Comptroller General of the United States found that contracts formed using EDI technologies constitute valid obligations of the government "so long as the technology used provides the same degree of assurance and certainty as traditional paper and ink methods of contract formation." B-245714, December 13, 1991.
Example Systems
Existing law, then, has authorized the use of electronic signatures throughout all stages of the federal procurement process. But where do things stand in terms of actual implementation? At the federal level, e-signatures are encouraged and even required in a number of places.
SeaPort
An example of a leading system is SeaPort, http://www.seaport.navy.mil, operated by The Naval Sea Systems Command (NAVSEA). SeaPort requires e-signatures throughout the procurement process from issuance of RFPs through the awarding of task orders.
Currently, there are 21 vendors participating in SeaPort. These vendors participate under the terms of an Indefinite Deliver Indefinite Quantity (IDIQ) contract. To date, every task order (81 total) has been executed using an electronic signature.
Other systems
NASA currently has in place at three of its centers an e-commerce system called EPRO. EPRO supports the electronic receipt of offers and the electronic award of resulting contracts or purchase orders, utilizing a software program called Entrust. This software is free to vendors.
The Space and Naval Warfare Systems Command receives its proposals electronically through a secure system. https://e-commerce.spawar.navy.mil/
A few agencies without e-procurement systems say that electronic signatures are acceptable. Here's an example synopsis from the FBI:
Submit signed and dated offers by close of business April 26, 2002 to the Federal Bureau of Investigation .... Electronic communications are preferred. ADDENDUM FAR 52.212-1 Para. (D).... Submit one copy of signed (electronic signature is acceptable) and dated offer by close of business April 26, 2002....
The States: Two Approaches
The states have adopted two general approaches in authorizing the use of electronic signatures: (1) only digital signatures satisfy signature requirements (Utah approach); and (2) electronic signatures satisfy legal signature requirements (UETA approach).
1. Utah (digital signature) approach
States following the Utah approach authorize the use of only digital signatures, ignoring the more general category of electronic signatures. Utah was the first state to adopt such legislation, sometimes referred to as "long statutes." Long statutes recognize digital signatures as legally binding but go beyond that by giving digital records evidentiary weight, adopting a specific technology (usually asymmetric cryptosystem), allocating liability, and providing a state's Secretary of State (or other public entity) extensive regulatory powers.
2. UETA (electronic signature) approach
The UETA approach is more in line with traditional contract law, under which almost anything can qualify as a signature. States following this approach separate the issue of signature from the issues of security, proof and evidence. These states have adopted, in whole or in part, the Uniform Electronic Transactions Act (UETA), which is similar to the federal act, ESIGN. As of July 18, 2001, 37 states had passed various versions of the UETA.
The state of Maryland follows the UETA approach. The state launched eMaryland Marketplace on March 8, 2000, just before adopting the UETA. Currently 1,800 vendors participate.
Using eMaryland, vendors register and sign an authorization agreement. Users "sign" documents by logging in and submitting them to the system. There is no PKI software.
eMaryland officials apparently want to move virtually all state procurement activity through the system. Plans for the near future include moving major construction projects (those over $100,000) online (including bonding management and submission of costing sheets).
The state's adoption of the UETA, and its resulting reliance on easier-to- implement electronic signature procedures (as opposed to digital), makes rapid deployment possible.
Which Approach is Better?
So which is the better of these two approaches? We come down on the side of the UETA. By that we mean we come down on the side of both UETA and ESIGN. We surmise that for most jurisdictions the lower costs and rapid deployment associated with electronic signatures outweigh the security benefits of digital signatures.
The looser electronic signature standard does not radically alter the legal landscape. It's important to remember that signature requirements aren't very stringent under traditional contract law. Over the years, courts have deemed a variety of methods valid in establishing signatures: names on telegrams, typed names, names on letterhead, and faxed signatures, for example. Under the Uniform Commercial Code "any symbol executed or adopted by a party with present intention to authenticate a writing" is a valid signature.
Courts have always had to deal with such issues as forgery. It is not a stretch for them to take on more modern authentication problems such as misused passwords.
Of course what the law allows and what agency officials deem appropriate in a particular system are two different things. For example, officials at a federal agency such as NASA might determine that security is especially important. They may decide that, although ESIGN authorizes a "looser" electronic signature-based system, a "tighter" digital signature-based system is more appropriate for NASA vendors (despite the increased costs and headaches).
Comments
What are your experiences in operating e-procurement systems? Have you faced any e-signature problems along the way? Or has it all gone smoothly? We'd love to hear your comments: rwhite@fedmarket.com.
