
E-Signature Laws Provide Legal Framework For Blockchain
Today, there is certainly much hype and hope for successful deployments of distributed ledger, or blockchain, technology especially in the cryptocurrency world. There also seems to be a general perception that there is not a clear, or even an existing legal framework for blockchain transactions, be they commercial or consumer in nature. While there are certainly specific laws that can apply to particular types of blockchain-based transactions, such as federal and state securities laws in the case of cryptocurrency initial coin offerings, many blockchainers may not realize that there is an existing legal framework that readily accommodates a broad base of blockchain transactions; these are state, and in a few cases, the federal, electronic signatures and records laws.
These laws apply across many industries, including banking, structured finance, consumer finance, manufacturing and distribution of commercial and consumer goods, but, to make my points concrete, I am going to explain how to apply this framework to an insurance product given my insurance industry focus.
The federal electronic signature law, the Electronic Signatures in Global and National Commerce Act,[1] applies only in the three states that have not adopted the model state based electronic signature law, known as the Uniform Electronic Transactions Act.[2] ESIGN provides for reverse preemption of itself and defers to UETA.[3] Therefore, UETA, which has been adopted in 47 states, is the primary law of the land, which establishes that electronic signatures, formation of electronic contracts, electronic delivery of documents required to be delivered in writing (irrespective of whether they require a signature) and satisfaction of written record retention requirements through electronic records cannot be denied legal effect on the basis of their electronic nature. Therefore, the focus of this article is on UETA and its relationship to blockchain transactions and distributed ledger technology used to create these transactions.
Many insurers have relied upon UETA to implement the use of electronic signatures for new insurance policy applications and to satisfy their obligation to deliver insurance policies in written form via electronically delivered insurance policies.
To understand why UETA applies to blockchain created transactions, it is important to recognize what types of transactions might be effectuated thereby and the key concepts in and rules established by UETA. Blockchain enabled transactions might include the electronic signature of electronically created contracts, the electronic delivery of documents, the automatic execution of a “smart contract’s” provisions that are triggered when agreed upon third party data, or oracles, enter the blockchain. Blockchains can also serve as the electronic repository for data and records entered into them. The drafters of UETA recognized the concept of a digital asset token in 1999, stating that “[t]he technology has yet to be developed which will allow for the possession of a unique electronic token embodying the rights associated with a negotiable promissory note. Section 16’s concept of control is intended as a substitute for possession.”[4]
UETA is intentionally designed to accommodate the advent of future technologies. To be sure,
[UETA] has been drafted to permit flexible application consistent with its purpose to validate electronic transactions. [UETA’s] provisions… validating and effectuating the employ of electronic media allow the courts to apply them to new and unforeseen technologies and practices. As time progresses, it is anticipated that what is new and unforeseen today will be commonplace tomorrow. Accordingly, this legislation is intended to set a framework for the validation of media which may be developed in the future and which demonstrate the same qualities as the electronic media contemplated and validated under this Act.[5]
Accordingly, UETA contains the following ten relevant, key definitions to consider in understanding why UETA already embraces blockchain transactions:
- “Automated transaction” means a transaction conducted or performed, in whole or in part, by electronic means or electronic records, in which the acts or records of one or both parties are not reviewed by an individual in the ordinary course in forming a contract, performing under an existing contract, or fulfilling an obligation required by the transaction.[6]
- “Computer program” means a set of statements or instructions to be used directly or indirectly in an information processing system in order to bring about a certain result.[7]
- “Electronic” means relating to technology having electrical, digital, magnetic, wireless, optical, electromagnetic, or similar capabilities.[8] “The definition is intended to assure that the Act will be applied broadly as new technologies develop. The term must be construed broadly in light of developing technologies in order to fulfill the purpose of this Act to validate commercial transactions regardless of the medium used by the parties.”[9]
- “Electronic agent” means a computer program or an electronic or other automated means used independently to initiate an action or respond to electronic records or performances in whole or in part, without review or action by an individual.[10]
- “Electronic record” means a record created, generated, sent, communicated, received, or stored by electronic means.[11]
- “Electronic signature” means an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.
- “Information processing system” means an electronic system for creating, generating, sending, receiving, storing, displaying or processing information. [12]
- “Record” means information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.[13]
- “Security procedure” means a procedure employed for the purpose of verifying that an electronic signature, record or performance is that of a specific person or for detecting changes or errors in the information in an electronic record. The term includes a procedure that requires the use of algorithms or other codes, identifying words or numbers, encryption or callback or other acknowledgment procedures.[14] “The definition does not identify any particular technology. This permits the use of procedures which the parties select or which are established by law. It permits the greatest flexibility among the parties and allows for future technological development.”[15]
- “Transaction” means an action or set of actions occurring between two or more persons relating to the conduct of business, commercial or governmental affairs.[16]
UETA “… provid[es] a solid legal framework that allows for the continued development of innovative technology to facilitate electronic transactions.”[17]
DLT embraces most, if not all, of these definitions and concepts. Clearly, blockchain is an “electronic” technology, can create “electronic records” and can effectuate “electronic signatures.” DLT is an “information processing system,” and “computer programs” can be created and operated within a blockchain.
The decentralized consensus process for validating blockchain transactions, be that the proof of stake or proof of work, through blockchain participants called nodes, whose sole function is to validate a blockchain transaction by solving for the numeric hash reference that represents the encrypted blockchain transaction data, should constitute a “security procedure” under UETA.
To the extent blockchain enables and effectuates electronic actions on behalf of a natural person for purposes of a transaction without the natural person reviewing the act or record created for the act, then blockchain has accomplished an “automated transaction”. A blockchain can also be an “electronic agent” by automating actions and responses to electronic records and performances without review or action by an individual, which is precisely the concept of computer coding of rules within a “smart contract” or the “smart contract” portion of a contract, which is defined and discussed in detail below.
User Authentication
Identifying and authenticating electronic signatories is not a new issue, nor is it a particularly difficult challenge or process. Many businesses using online means for obtaining and receiving electronically signed records from their customers already use customer authentication procedures, such as “shared secrets,” whereby a new consumer is authenticated by answering online questions that evoke personal data that would most likely be known only by the consumer (sometimes this data is sourced directly from a consumer report provided by a consumer reporting agency). Furthermore, for many businesses, especially those in the financial services and insurance industries, authentication of existing customers is a regular business function because of privacy and anti-money laundering compliance obligations. So, the point is that most businesses using e-signature technology already get the authentication issue, and applying that in the blockchain context should be relatively simple.
Electronic Signatures
UETA (and ESIGN) provide that electronic contracts and other signed records cannot be denied their legal effectiveness solely because they were created by e-signatures. Thus, to the extent a contract or other document is signed by a user through an (electronic) blockchain, UETA (and ESIGN) step in to support the legality of blockchain effected e-signatures.
Encryption
Here is where the e-signature laws and conventional (to the extent there is such a thing) blockchainers begin to diverge. While UETA recognizes a “security procedure,” which can mean either or both a user authentication process or an encryption process for preserving the integrity of data within an electronic record, UETA does not require (nor does ESIGN) that an electronic record be encrypted or hashed.[18] UETA (but not ESIGN) provides that an electronic signature or record is attributable to a person if it was the act of that person, which can be shown by the efficacy of a security procedure used to determine the identity of the person to which the electronic record or electronic signature was attributable.[19] On the other hand, blockchainers invariably refer to blockchain transactions as being “immutable,” as if they are always encrypted in a manner that is completely bullet-proof from hackers or other malicious persons who might seek to alter data within the blockchain. But that immutability feature is in fact the core system of the blockchain that supports the decentralized, consensus-built trust in all the blocks in the chain and allows alterations of any data therein to be exposed to users of the blockchain, notifying them that one or more of the blocks are no longer valid and should not thereafter be relied upon. Attribution of blockchain transactions to specific persons admittedly presents issues given the pseudonymous nature of these transactions, especially in the cryptocurrency arena. In summary, electronic contracts or records do not have to be encrypted to satisfy e-signature laws, but blockchain transaction records must be encrypted as a practical matter in order for the blockchain effectively to work and be reliable to its users, requiring detection of a broken cryptographic hash function. In the end, however, the e-signature laws govern even hashed records on a blockchain.
Smart Contracts
UETA contemplates “automated transactions”, namely the performance or fulfillment of an obligation under a contract by electronic means or electronic records where the acts or records of a contracting party are not reviewed by an individual. Thus, an electronically formed contract that is computer coded to execute automatically, in whole or in part, by blockchain technology should constitute an automated transaction within the meaning of UETA. UETA also assists in the provability of smart contracts and other electronic records by providing that evidence of an electronic record cannot be denied admissibility solely because of its electronic form.[20] To be sure that UETA is the correct set of laws to apply to DLT transactions, one need look no further than the recent UETA amendments in Arizona[21] and Tennessee[22] and similar, proposed amendments to UETA in legislative bills pending in California,[23] Florida[24] and Nebraska.[25] The purposes of these amendments are to establish that (1) contracts and records created via blockchain technology are electronic records and (2) electronic signatures effectuated through a blockchain constitute valid electronic signatures for purposes of UETA. While these blockchain oriented amendments are generally laudable and well-intentioned, they may be a bit off the mark and, frankly, unnecessary given that UETA already contains the necessary tools for providing a legal framework for blockchain transactions as discussed above.
UETA (and ESIGN) are intentionally technology neutral laws. Therefore, one important question is whether the introduction of DLT into UETA runs afoul of that principle.
Even if the addition of a definition of blockchain technology, which itself does not have a consensus meaning among technologists, blockchainers, lawyers, regulators, legislators or other stakeholder groups, does not violate UETA’s technology neutral tenet, the blockchain technology definitions now being inserted into UETA are not quite on time or on target. Take the blockchain technology definition from Arizona’s amended UETA, for example:
(c) “Blockchain technology” means distributed ledger technology that uses a distributed, decentralized, shared, and reciprocal ledger, that may be public or private, permissioned or permissionless, or driven by tokenized crypto economics or tokenless. The data on the ledger is protected with cryptography, is immutable, is auditable, and provides an uncensored truth. [26]
It is unclear what the legal effect or intent is of the legislative assertions that data on a blockchain are protected by cryptography, immutable (which seems redundant with being encrypted) and auditable and give uncensored truth. Do these fiats result in providing some sort of rebuttable evidentiary presumption for the benefit of blockchain contained data, for example? Whether a DLT is “driven” by a cryptocurrency or some other form of token is neither here nor there and adds no clarity or substantive point about the legal effectiveness of DLT created and maintained electronic records and signatures. In fact, the inclusion of references to cryptocurrency is, at the present time, a disservice towards advancing the interests of blockchain given the high uncertainty whether certain initial coin offerings are actually public securities offerings being conducted in violation of the federal and state securities laws.
“Smart contract” means an event-driven program that runs on a distributed, decentralized, shared and replicated ledger that can take custody over, and instruct transfer of, assets on that ledger.[27]
This definition of a smart contract is too narrow as it refers to obtaining custody and instructive control of asset transfers. Again, this term may have been developed with a cryptocurrency drafter’s hat on. Certainly, services can be purchased and performed via a smart contract, and not all electronically formed contracts involve custody of assets. This limiting definition itself risks internal inconsistency with UETA’s broad acceptance of electronic contracts and possibly serving as a basis for preemption by ESIGN.
As an example of a possible smart contract, a smart life insurance policy would be issued and delivered onto a blockchain and be computer coded to receive, when the government gets on the blockchain board, an electronic message from the county coroner’s office, which would be the official certificate of an insured’s death and serve as the “oracle” for further automation of the payment of the death claim.
The smart life insurance policy could also be coded to process the relevant business rules such as
(1) triggering the policy’s beneficiary’s filing of the death benefit claim, which could be electronically signed by the beneficiary and delivered to the insurer on the blockchain,
(2) determining whether the policy is outside of its two-year contestability period by comparing the policy’s issue date to the date of the blockchain’s receipt of the electronically sent death certificate oracle,
(3) determining whether the policy’s death benefit amount is less than the larger amount set by the insurer that triggers a claim investigation, say less than $250,000, and
(4) assuming all the prior hurdles are cleared, effectuating the claim payment to the beneficiary either on or off the blockchain. In theory, this entire process could occur within 15 minutes.
On the property and casualty side of the insurance business, the issuance and maintenance of certificates of insurance, which are regularly issued by insurance agents and brokers as a no-cost service to their commercial insurance customers to provide evidence of insurance coverage to third parties requiring such evidence such as a general contractor requiring a subcontractor to provide a certificate of insurance for the subcontractor’s workers’ compensation and liability insurance, could be blockchained.
Here the certificate of insurance would be signed and delivered to the general contractor on the blockchain by the insurance agent or broker (or eventually by the insurer, taking the agent or broker out of the equation and eliminating its internal costs of providing the certificate of insurance without any concurrent customer revenue generation). A blockchained certificate of insurance could be made real-time smart by programming it to notify the general contractor if the subcontractor’s insurance policy’s coverage or deductible amounts changed or the policy became cancelled or non-renewed, in effect making the certificate of insurance a living and breathing electronic record.
Federal Preemption Risks
ESIGN defers, or provides reverse preemption, to UETA under certain circumstances, namely when a state does not tinker too much with the model provisions of UETA. One of the key requirements for a state’s adoption of UETA to avoid preemption by ESIGN is that the state law cannot prefer one type of technology over another. ESIGN states, in relevant part, that ESIGN will apply if a state’s electronic signature law embraces:
such alternative procedures or requirements do not require, or accord greater legal status or effect to, the implementation or application of a specific technology or technical specification for performing the functions of creating, storing, generating, receiving, communicating, or authenticating electronic records or electronic signatures;[28]
To the extent the new state UETAs’ definitions of blockchain technology are interpreted to accord distributed ledger technologies a higher legal status than electronic signatures and records created using other, non-DLT forms of electronic technologies, states risk having their UETAs preempted by ESIGN. For example, the statement in Arizona’s UETA amendment defining blockchain technology that a DLT is “protected with cryptography, is immutable, is auditable, and provides an uncensored truth” suggests that electronic records created via DLT cryptography are deemed to be unquestionably secure and not susceptible to alteration and may therefore obtain some higher form of evidentiary proof status in a legal challenge to the veracity of such a record.
Summary
Blockchain technology is likely here to stay and represents a new evolution in digital commerce. Fortunately, the drafters of UETA had the foresight to create a model electronic signatures and records law which, 19 years later and as-is, readily accommodates distributed ledger technology based transactions.
Creating blockchain transactions or smart contracts for businesses will require in-house counsel to rigorously examine the business’s current transactional workflows and processes, which might require some risk assessment driven alterations, and determine how and when to apply UETA (with or without the blockchain or smart contract additives).
Using a UETA compliance checklist is a good starting point for accomplishing this important task. Please contact the author for a sample UETA compliance checklist for assisting in safely blockchaining your contracts.
Brian T. Casey is a partner and co-chair of the regulatory and transactions insurance practice group at Locke Lord LLP.
The opinions expressed are those of the author and do not necessarily reflect the views of the firm, its clients, or Portfolio Media, Inc., or any of its or their respective affiliates. This article is for general informational purposes and is not intended to be and should not be taken as legal advice.
[1] Pub.L. 106-229, 114 Stat. 464, enacted June 30, 2000, codified at 15 U.S.C. ch. 96.
[2] Uniform Electronic Transactions Act (1999), Unif. Law Comm’n.
[3] 15 U.S.C. § 7002(a)(2).
[4] UETA, Section 16 governs electronic transferable records and establishes when a person has control of an electronic note under Article 3 of the UCC and an electronic document under Article 7 of the UCC.
[5] UETA, § 6 Comment.
[6] UETA § 2(2).
[7] UETA § 2(3).
[8] UETA § 2(5).
[9] UETA, Comment 4.
[10] UETA § 2(6).
[11] UETA § 2(7).
[12] UETA § 2(11).
[13] UETA § 2(13).
[14] UETA § 2(14).
[15] UETA, Comment 11.
[16] UETA § 2(16).
[17] UETA, Prefatory Note A.
[18] ESIGN does not embrace the concept of a security procedure or encryption of data.
[19] UETA § 9.
[20] UETA § 13.
[21] A.R.S. § 44-7061(E)(1) and (2). These amendments also provide that a signature secured through blockchain technology is an electronic signature and a record or contract secured through blockchain technology is an electronic record. A.R.S. § 44-7061(A) and (B).
[22] Tenn. House Bill 1507.
[23] Cal. Assembly Bill 2658.
[24] Fla. H.B. 1357.
[25] Neb. Legislative Bill 695.
[26] A.R.S. § 44-7061(E)(1).
[27] A.R.S. § 44-7061(E)(12).
[28] ESIGN, § 102(a).