Tuesday, May 31, 2011
For over a decade, the Federal Government has increasingly moved its activities online. This movement has been facilitated by the acceptance of electronic processes to identify people online. A recent Presidential action to sign a law through automated me

Last week, President Obama signed the extension of the Patriot Act into law.  The President did so while in Europe, based on an instruction that in order to prevent the legislation from expiring, an autopen should be used to place the President's signature on the bill.

Regardless of one's views of the Patriot Act extension, this manner of Presidential signing is remarkable as the first time in history that a bill was signed into law based solely on technology -- in this case, an autopen that placed the President's signature on the bill.  The event represents another step forward in a legal and technological movement toward greater use of electronic signatures in all walks of life, especially those walks that lead to commercial and government business.  It's instructive to look back at the brief but interesting history of electronic signatures, and what to means given today's issues around open government that is always online, security and privacy, and trust in who we are.

Electronic signatures support "authentication", or acceptance of an identity, for individuals, business, government agencies, and even computers themselves.  They come in many forms that are familiar to us, including:

  • digitized signatures, like the an autopen, where a physical signature is captured by a machine that can print it on actual paper (as is done in many letters that all of us receive every day); or where the same physical signature is captured as an image on a file
  • usernames, which we use to identify ourselves online
  • PIN numbers, like those we use for online banking
  • tokens with identifying information, like secure ids that we may use to access networks in our professional lives
  • biometrics, including fingerprints and iris scans
  • digital signatures, which are based on computer code that can uniquely identify the sender and recipient of a message or document and often used for secure commercial or government transactions

The US Government started to develop policy for how agencies could allow the use of e-signatures in the 1990s.  At first, this was a broad review under the Paperwork Reduction Act, which calls for identifying various means -- especially through the use of technology -- to reduce the burden that government places on the public.   Officials at the US Office of Management and Budget -- including me -- then supported a more specific law that called upon agencies to eliminate paper in favor of electronic forms, which included electronic signatures:  the Government Paperwork Elimination Act of 1998, a statute with the interesting acronym of "GPEA".  GPEA required agencies to introduce an electronic option for submission if most forms by 2003, and was implemented through OMB guidance later that year.

The Government, of course, moves with trends in private commerce, and e-signatures proved no exception.  A little over one year later, Congress passed a law that established firm legal acceptance for electronic signatures under a variety of conditions:  the Electronic Signatures in Global and National Commerce Act of 2000, with the much-improved acronym of "ESIGN".  Prior to ESIGN, courts were inconsistent in their treatmenof the legal standing for electronic signatures -- many judges ruled that requirements for "writing" meant physical signatures, written by hand.  ESIGN held that so long as consumers (and other parties) received notice and consented, and the consent indicated an understanding of the technology used to sign a document, an electronic signature should be treated as legally binding.  Interestingly, E-SIGN was signed by President Clinton through a digital signature -- but also through the traditional means of an actual written signature to ensure that courts would not question the Act's legitimacy, and to continue the 200-year-old tradition (based on the Constitution's call that the President "shall sign" laws) that physically signatures be the means of such signing before enactment.  Following another set of implementing guidance from OMB. Government used ESIGN to further the movement toward online commerce, creating new electronic services that leveraged increasing citizen and commercial acceptance of online activity.

The E-Government Act of 2002 continued this statutory march online, authorizing numerous initiatives and activities that would be infeasible without electronic signatures, and authorizing an office within OMB to ensure the sustainment and growth of electronic government -- supplemented by the Bush Administration's 24 E-govenment Initiativesthat allowed citizens to access government services without needing to physically sign a document.

In the current Administration, President Obama's Open Government Initiativeemphasizes that agencies must continue to increase their ability to do business with citizens online, and to make the process and results of this activity increasingly transparent.  The creation of both a Chief Technology Officer (Aneesh Chopra) and a Chief Information Officer (Vivek Kundra) in the White House, and an Office of Citizen Services and Innovative Technologies at the General Services Administration, has reinforced that creative use of technology to improve government is a Presidential imperative.

Many people have cited lack of trust in online commerce as the key inhibitor in full acceptance of the benefits of electronic signatures to conduct that commerce.  The need to secure the channels by which we all interact online is real and will always remain a challenge, as demonstrated by recent data breaches that have made the news.  Most recently, the Obama Administration's National Strategy for Trusted Identities in Cyberspace (NSTIC -- see this blog post) took a major step forward in promoting standards and norms of behavior for companies, governments, and citizens to follow to build trust in knowing who we are online.  NSTIC implementation will continue to build support and acceptance for electronic commerce.

So, while the President's signing of bill with an autopen may seem like a relatively limited use of technology, it's acceptance is in good measure created by a set of laws, policies and practices that have built up over the past 15 years.  Who knows -- as electronic commerce continues to gain acceptance, maybe a future ESIGN Amendments Act will be signed by a future President with an electronic signature that is accepted by citizens, courts, and even constitutional scholars as an unremarkable event!