On April 3, 2001, Governor John Hoeven signed the Uniform Electronic Transactions Act (UETA) and filed it with the Secretary of State. UETA applies to electronic records and electronic signatures relating to transactions conducted after July 31, 2001. UETA and the companion federal law, Electronic Signatures in Global and National Commerce Act (ESIGN), provide assurance that electronic signatures will be granted the same legal authority as traditional ink signatures on paper. Therefore, if an electronic transaction meets the requirements of the electronic signature laws, neither party can repudiate a contract based on the fact that the transaction was conducted electronically, rather than on paper.
The Information Technology Department formed the Electronic Signatures Committee to develop guidelines for the use and acceptance of signatures in the state of North Dakota with respect to UETA and ESIGN. The Electronic Signatures Committee consists of representatives from thirteen state agencies, with legal guidance from the Attorney General’s Office.
These guidelines should be used as a best practice tool and provide basic information regarding electronic signatures. Specific standards and policies related to the electronic signature technology infrastructure will be developed through the Enterprise Architecture process.
The increased use of personal computers and the Internet is making electronic transactions more common every day. The North Dakota Uniform Electronic Transaction Act eliminates legal barriers to the use of electronic technology to create and sign contracts and other records, collect and store electronic records, and conduct everyday transactions electronically. Basically, the Act eliminates barriers to electronic commerce, while protecting consumers at the same level expected with paper-based transactions.
The Act is codified in Chapter 9-16 of the North Dakota Century Code. It does not apply to transactions governed by the following:
In addition, UETA provides an exception for records where a law was enacted after July 31, 2001 which specifically prohibits the use of an electronic signature for the specified purpose.
Along with this new found freedom to conduct electronic transactions, state agencies are still required to satisfy their records management responsibilities. When implementing electronic signatures, records coordinators and IT professionals need to be aware that signatures are an integral part of a record. The trustworthiness of the electronically-signed record needs to be maintained for the full records life cycle. The records life cycle is the life span of the record from its creation or receipt to its final disposition. It is usually described in three stages: creation, maintenance and use, and final disposition. Final disposition can mean permanent deletion or destruction, or transfer to the State Archives if the record has historical value. Therefore, the electronic signature must remain accessible for the full retention period of the record to which it is associated.
The Federal ESIGN Act (Public Law 106-229) confirms that states must allow the use of electronic signatures if the two parties involved agree to this method of signing.
ESIGN applies to interstate commerce, foreign commerce, and business transactions with the Federal Government. Impact on the State of North Dakota may be considerable, specifically for those agencies that deal with companies or organizations that are from out of state. ESIGN contains numerous consumer protection requirements. It also contains language that specifies that any requirements be technology neutral. The Tax Department, Secretary of State's Office, and Office of the Insurance Commissioner are examples of agencies that may be directly affected.
Electronic signature is a basic term for a variety of methods used as an alternative to a traditional ink signature on paper. Three basic classifications of electronic signatures exist, each with an increased level of cost, integrity, authenticity, security, and non-repudiation.
Common electronic signatures are any signature method that does not employ a specific technology to increase the security, authenticity, or evidentiary value of a signature.
Common electronic signatures include a digitized image of a handwritten signature, a password or PIN (Personal Identification Number), “clickwrap” signature method where the user clicks a button onscreen to accept what is being stated, or a mark or symbol indicating intent to sign.
Another example of a common electronic signature is the use of the symbol “/s/”. The symbol may be used in a number of ways.
The symbol is affixed to an electronically stored document such as a letter. The symbol demonstrates that the paper copy, sent to the addressee, was signed with a traditional “wet” signature.
The symbol is used as an electronic signature on an electronically distributed document such as a memorandum or report.
To: Project Team
From: /s/ John Doe
Subject: Meeting Minutes
The symbol is used on the record copy of a document that will be distributed to a large distribution list or when the document will be posted electronically. The original document is signed with a “wet” signature and scanned for retention or archival purposes. The signature symbol is used in the distributed or posted copies.
Signed this day,
Governor John Doe
Secure electronic signatures typically use technology to link the electronic signature to an individual or device. Secure electronic signatures may use biometric, biorhythmic, holographic, and cryptographic technology.
The digital signature process, in conjunction with a digital certificate, uses a private key to sign and encrypt the document and a public key to de-crypt and authenticate the signature. Digital certificates are typically issued by a trusted third party that verifies facts about your identity and issues a certificate that attests to those facts.
Digital signatures offer the highest level of authenticity, security, and integrity and are the most difficult and costly to implement.
These guidelines should be used to assist agencies in making informed decisions regarding the appropriate use of electronic signatures at each level. State agencies must determine the risks and benefits of the available technologies for their specific applications.
A key issue with electronic signatures is proving the signature is from the person the signature represents and the document has not been altered.
According to the National Archives and Records Administration (NARA), the characteristics listed below are used to describe trustworthy records from a records management legal perspective.
State agencies shall maintain adequate documentation of the system design, implementation, use, and migration. The documentation shall include a narrative description of the system, physical and technical characteristics, and any other technical information required to access or process the records.
For a record with an electronic signature to remain trustworthy over the record life cycle, it is necessary to preserve its content, context, and sometimes its structure.
Agencies should follow these steps to assist them in the implementation and use of electronic signatures.
A requirement for effective use of digital signatures is interoperability across agencies and other government entities. Interoperability is the ability of one system to use the parts or equipment of another system. Establishing common signing process criteria will allow for electronic signature reciprocity between states. States will be able to share signed electronic documents and rely on documents from other sources.
Several groups, including the National Governors’ Association and National Electronic Commerce Coordinating Council, are working on the interoperability issues. Below are some general guidelines that are expected to be further developed or accepted in the future.
Records created as a result of electronic transactions must be retained according to the agency’s retention schedule, the ND General Retention Schedule, and the North Dakota Electronic Records Management Guidelines.
These guidelines are provided to assist agencies in making informed decisions regarding the appropriate use of electronic signatures at each level.
The Information Technology Department appreciates the time and assistance of all members of the Electronic Signatures Committee.
No funds are transferred, no legal or financial liability is involve, and no confidentiality or privacy issues are involved.
ITD Records Management
Records Management is the professional practice of identifying, classifying, preserving, and disposing the records of an organization, while capturing and maintaining the evidence of an organization’s business activities as well as the reducing the risks associated with it.