Department of Justice Guidelines for Electronic Signatures
DEPARTMENT OF JUSTICE
The mission of the Department of Justice (DOJ) is to enforce the law and
defend the interests of the United States according to the law; to ensure
public safety against threats foreign and domestic; to provide federal
leadership in preventing and controlling crime; to seek just punishment
for those guilty of unlawful behavior; and to ensure fair and impartial
administration of justice for all Americans.
LEGAL CONSIDERATIONS IN DESIGNING AND IMPLEMENTING ELECTRONIC PROCESSES: A GUIDE FOR FEDERAL AGENCIES November 2000 (available online here)
In deciding whether and how to convert any given process from
paper to an electronic one, agencies should consider at least the
following four issues, which are examined in Part II:
A - Availability
B - Legal Sufficiency
C - Reliability
D - Compliance With Other Laws
Part II - LEGAL ISSUES TO CONSIDER IN "GOING PAPERLESS"
A. Availability of Information - To ensure the availability of
information in an electronic process, agencies should ensure:
- that an electronic process collects all relevant information; In
adopting electronic processes, agencies should ascertain whether the
following four specific types of information should be captured and
(1) content of the transaction, including all records that comprise the substance of the transaction or filing;
(2) records that contain information about how the transaction
was processed, including dates received and changes or modifications
that were made in records;
(3) a means to authenticate the identity of all people who
participated in the transaction both inside and outside the agency, and
the scope of each person's participation; and
(4) for appropriate transactions, a means for establishing the
intent of the participants to enter into the transaction or agreement.
- that the information is retained properly; and
Electronic systems should be designed and maintained to
guard against data corruption, whether through accidental deletion,
equipment failures, storage media deterioration over time, stray
electromagnetic forces, or myriad other hardware and software problems
- that the information is readily accessible. The potentially
lengthy period of time between the collection of information and its
use in many situations, including litigation, highlights the importance
of these issues.
Unlike paper files which, when properly organized and
maintained in the ordinary course of business, are readily available
and usable without any special equipment, electronic information is not
always accessible without special equipment and software.
B. The importance of signatures
- An increasing number of statutes and regulations impose the same
presumptions of identity, intent, or familiarity with content that are
typically associated with paper signatures. The proper design of legal
instruments can reduce the need for such presumptions. Until such
presumptions become widely accepted for electronic signatures, agencies
should ensure that the electronic signature technologies they adopt
identify the signers of the document and clearly express their intent
and familiarity with the document.
C. Reliability of Electronic Information
- The legal significance of context surrounding the collection or creation of electronic information
Binding the entire document to the electronic signature with a
file hash allows all surrounding context to be captured during the
collection and creation of the signature, in compliance with (C)(1).
- The perceived reliability of electronic data
These File Integrity Hashes need to be used by all
parties to the electronic record to verify that no changes or errors
have occurred. This addresses reliability issues by "demonstrating
that there are sufficient electronic procedures in place to prevent
accidental or unauthorized alteration of information".
- Persuasiveness of electronic processes and information derived from them
The method of delivery and signature capture needs to be a simple and
easily understood process, very similar to the email that many
businesses have long been using. The document is received, viewed or
printed, and then the user signs the file that they have already read.
Having no software to install or maintain makes this process the easiest
to use for everyone. Having no limitations on operating system or
internet browser is ideal. This makes for an electronic signature process
that anyone can then communicate "in
a straightforward and sensible manner and should recognize that people
are likely to have varying degrees of knowledge about such processes."
- Admissibility of information derived from electronic processes
By using industry and federally accepted File Integrity Hashes users can submit to courts proof that the evidence is both "authentic" and the "best evidence". File Integrity Hashes can be used by all parties to the electronic record (including the court) to verify that no changes or errors have occurred.
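As an added illustration of the File Integrity Hash approach described in this section (not code from the DOJ guide or from any product), the Python example below binds a signature record to the exact bytes of a document and lets any party re-verify both later. The SHA-256 algorithm, the HMAC seal with a system-held key, the field names and the sample data are all assumptions made for the example.

```python
import hashlib
import hmac
import json

def file_hash(document: bytes) -> str:
    """File integrity hash of the document (SHA-256 is an assumed choice)."""
    return hashlib.sha256(document).hexdigest()

def _seal(fields: dict, key: bytes) -> str:
    # Canonical JSON so the same fields always serialize to the same bytes.
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def sign_record(document: bytes, signer_id: str, intent: str,
                signed_at: str, key: bytes) -> dict:
    """Build a signature record bound to the document's hash.

    Captures who signed, their stated intent and when, alongside the hash
    of the content, then seals the whole record so none of it can be
    changed unnoticed.
    """
    fields = {
        "document_sha256": file_hash(document),
        "signer_id": signer_id,
        "intent": intent,
        "signed_at": signed_at,
    }
    return {**fields, "seal": _seal(fields, key)}

def verify_record(document: bytes, record: dict, key: bytes) -> list:
    """Return a list of problems; an empty list means nothing was altered."""
    problems = []
    fields = {k: v for k, v in record.items() if k != "seal"}
    if not hmac.compare_digest(_seal(fields, key), record.get("seal", "")):
        problems.append("record altered")
    if not hmac.compare_digest(file_hash(document),
                               record.get("document_sha256", "")):
        problems.append("document altered")
    return problems

# Constructed sample data, for illustration only.
KEY = b"constructed-demo-key"
DOC = b"Constructed sample agreement text."
RECORD = sign_record(DOC, "jdoe", "I have read and agree to this document",
                     "2005-04-28T12:00:00Z", KEY)
```

A party that holds only the document and the recorded hash can still recompute `file_hash` independently; the keyed seal additionally protects the signer, intent and timestamp fields.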
- Legal Requirements Affecting Electronic Processes
PUBLIC LAW 108-390 - ELECTRONIC SIGNATURE ON FORMS I-9 - (online here)
U.S. Immigration and Customs Enforcement (ICE) and the Department
of Homeland Security (DHS) have received inquiries from many employers
regarding the availability of electronic Employment Eligibility
Verification Forms (Form I-9). Employers have expressed their
frustration with being required to keep paper forms or to store the
forms on microfilm or microfiche when all other aspects of their
business have been automated.
On April 28, 2005, a new law will take effect allowing employers to sign and store Forms I-9 electronically.
On October 30, 2004, the President signed legislation into law (Public Law 108-390)
authorizing employers to retain Forms I-9 in electronic format, in
addition to the current choices of paper, microfilm or microfiche. The
legislation also authorizes attestations on the Form I-9 to be
manifested by an electronic signature. The legislation prescribed an
effective date of April 28, 2005, or the effective date of implementing
regulations, whichever occurred first.
SECTION 1. IMPROVEMENTS TO EMPLOYMENT VERIFICATION SYSTEM.
(a) IN GENERAL.--Section 274A(b) of the Immigration and Nationality Act (8 U.S.C. 1324a(b)) is amended--
(1) in paragraph (1)(A), by inserting before ``A person or
entity has complied'' the following: ``Such attestation may be
manifested by either a hand-written or an electronic signature.'';
(2) in paragraph (2), by adding at the end the following: ``Such
attestation may be manifested by either a hand-written or an electronic
(3) in paragraph (3), by inserting ``a paper, microfiche, microfilm, or electronic version of'' after ``must retain''.
(b) EFFECTIVE DATE.--The amendments made by subsection (a) shall take effect on the earlier of--
(1) the date on which final regulations implementing such amendments take effect; or
(2) 180 days after the date of the enactment of this Act.
ATF - ALCOHOL, TOBACCO AND FIREARMS
The Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) is a
law enforcement agency within the U.S. Department of Justice. Its
unique responsibilities include protecting the public and reducing
violent crime. ATF enforces the Federal laws and regulations relating
to alcohol and tobacco diversion, firearms, explosives, and arson.
ATF regulations are published as Title 27, Code of Federal Regulations (27 CFR) by the Government Printing Office. (Available online here)
27 CFR § 73.3 What terms must I know to understand this part?
Electronic document receiving system. Any set of
apparatus, procedures, software, records, or documentation used to
receive documents communicated to it via a telecommunications network.
Electronic signature. A computer data compilation of
any symbol or series of symbols executed, adopted, or authorized by an
individual to be the legally binding equivalent of the individual's
handwritten signature, and that:
(1) Identifies and authenticates a particular person as the source of the electronic message; and
(2) Indicates such person's approval of the information contained in the electronic message.
§ 73.11 What are the required components and controls for acceptable electronic signatures?
(a) Electronic signatures not based on biometrics. If you use electronic signatures that are not based upon biometrics you must:
(1) Employ at least two distinct identification components such as an identification code and a password;
(2) Use both identification components when executing an electronic signature to an electronic document; and
(3) Ensure that the electronic signature can only be used by the authorized user.
Usernames and Passwords are a secure method to gain access to the document and to then sign for the document.
(b) Electronic signatures based on biometrics. If
you use electronic signatures based upon biometrics, they must be
designed to ensure that they cannot be used by anyone other than their
§ 73.12 What security controls must I use for identification codes and passwords?
If you use electronic signatures based upon use of
identification codes in combination with passwords, you must employ
controls to ensure their security and integrity. These controls must
(a) Maintaining the uniqueness of each combined
identification code and password, such that no two individuals have the
same combination of identification code and password;
Usernames and passwords need to be unique to the user of the system.
(b) Ensuring that identification code and password
issuances are periodically checked, recalled, or revised (e.g., to
cover such events as password aging);
Passwords should be changed on a regular basis in compliance with (b).
(c) Following loss management procedures to electronically
deauthorize lost, stolen, missing, or otherwise potentially compromised
tokens, cards, or other devices that bear or generate identification
code or password information, and to issue temporary or permanent
replacements using suitable, rigorous controls;
(d) Using transaction safeguards to prevent unauthorized
use of passwords and/or identification codes, and to detect and report
in an immediate and urgent manner any attempts at their unauthorized
use to the system security unit and, as appropriate, to organizational
(e) Initial and periodic testing of devices, such as tokens
or cards, that bear or generate identification code or password
information to ensure that they function properly and have not been
altered in any unauthorized manner.
Using secure usernames and passwords, and not just tokens, which need additional steps, is a good idea as outlined in (e).
§ 73.33 Am I legally bound by a form I sign electronically?
Yes; by electronically signing a form you submit to us, you
are agreeing to be legally bound to the same extent as if you applied a
traditional handwritten signature on a paper document submitted to
satisfy the same reporting requirement. Persons using electronic
signatures shall, upon TTB's
request, provide additional certification or testimony that a specific
electronic signature is the legally binding equivalent of the signer's
Electronic signatures are legally binding in accordance with State and Federal Law.