Comments to theDepartment of CommerceOffice of
the General CounselLaws or Regulations
March 17, 2000
In these comments, the National Consumer Law Center
and the Consumer Federation of America, representing low and middle income consumers
throughout the U.S., seek to present an overview of the concerns facing consumers
in the determination of barriers to electronic commerce.
We appreciate the articulation of consumer concerns
that must be addressed as the U.S. Government proceeds with the review of rules
and policies which may impede electronic commerce: "it is essential to ensure
that electronic commerce is as safe for consumers as traditional forms of commerce."
Below, we will highlight our concerns regarding the ways in which the facilitation
of electronic commerce may reduce protections for consumers in both the electronic
environment, as well as in the real world.
Our comments should not be construed to indicate
that we are opposed in any way to facilitating electronic commerce. We are not.
Indeed, we believe that once access to the Internet is more widely available
to all Americans, especially the nation's poor and elderly, there may be many
new and beneficial opportunities made available. However, for electronic
commerce to benefit consumers, the same basic consumer protections which are
required in the physical world must apply to electronic transactions. Moreover,
policies to facilitate electronic commerce must assure that consumers who are
looking for credit, goods and services both through the Internet, and in
the physical world will not be victimized by overreaching merchants of goods
and services.
Encouraging electronic commerce and protecting
consumers need not be competing goals. The key to facilitating electronic commerce
while protecting consumers’ interests is to ensure that all of the assumed elements
to a transaction in the physical world are in existence in electronic commerce,
and that ecommerce not be the excuse for reducing consumer protections in real
world transactions.
I. New laws and policies designed to facilitate electronic commerce
must not place an unfair burden on consumers who are not transacting business
electronically and may not have the capacity to do so.
As the Department of Commerce itself has found,
over 67% of American households still do not have access to the Internet. While
this number is falling rapidly, it is likely that some significant percentage
of Americans will always lack direct access to ecommerce. The fact that almost
6% of American households still lack home telephones provides considerable support
to the contention that there will always be some Americans who will not be "on-line."
The only universal means of receiving information for all households, regardless
of wealth, connection to the telephone system, or the Internet, is the U.S.
Postal System. Until the Internet achieves the same degree of universality as
the U.S. Postal System, electronic commerce and electronic delivery of information
cannot replace real paper.
Given the assumption that a significant number
of American households will not have access to the wonderful world of electronic
commerce, new policies must be designed that do not further burden these households.
It would not be fair, for example, to tax real world transactions without taxing
Internet transactions, because that places a higher burden on the lower income
households who do not have equal access to the Internet. Further, policies designed
to allow willing parties to shop, negotiate, and close transactions on-line
should not allow parties in physical world transactions to require
electronic communications as a condition of doing business in the physical world.
To allow otherwise, is to invite fraud, coercion and unconscionable practices
which will hurt consumers.
In almost every transaction between consumers
and business it is a "take it or leave it" proposition for the consumer. One
can easily imagine computer kiosks on businesses' premises at which consumers
would be required to electronically consent to receiving electronic records,
as a condition of doing business. That would be wrong. The basic rule of thumb
for the facilitation of electronic commerce should be that all physical world
transactions must operate under traditional rules. Only electronic transactions
in ecommerce should precipitate the electronic exchange of information.
II. Documents that are provided electronically must have the same
integrity as paper, so that consumers have the same ability as businesses
to use electronic records to prove the terms of the documents in court.
Paper disclosures required by law are designed
to serve consumers' interests by providing them with information critical to
making informed choices in the marketplace, understanding their rights and obligations
during commercial transactions, and enforcing their rights when transactions
go sour. Legal requirements that certain information be given to consumers in
writing often are adopted because of a history and pattern of harm to their
citizens. Required paper notices and documents are critically important to ensure
that consumers are apprized of their rights and obligations.
Documents provide certainty to transacting parties,
capturing the terms of the agreement. Courts and others who are later called
upon to interpret and enforce agreements rely on paper records to construct
the parties' intent. For electronic information to provide the same certainty
to the parties and the courts they must be protected from both inadvertent and
intentional changes. If a consumer inadvertently changes a single byte on an
electronic document, or an electronically provided notice is deleted during
a business' overhaul of their Web site, the documents will be unavailable or
useless if disputes arise.
We do not seek to add consumer protections to
the electronic marketplace that are not in existence in the physical. We
do seek to ensure that the consumer protections that apply in the physical world
are equally applicable to e-commerce. Special issues must be addressed
because of the differences between the physical world and the electronic world.
For example, when a law requires a document to be in writing there are a number
of inherent assumptions that automatically apply to that writing that are not
necessarily applicable to an electronic record. A paper writing is by its nature
tangible, once handed to a person it will not disappear unless the person makes
it disappear. The printed matter on the paper writing will not change every
time someone looks at it, and the writing can be used at a later to prove its
contents.
None of those assumptions apply to an electronic
record. An electronic record can be sent to a person who does not know it is
there, because the person does not have email, the computer or Internet Service
Provider is broken (and unlike the U.S. Postal Service, there is no reasonable
guarantee of delivery of email). The electronic record could be provided in
a format which is not retainable by the viewer; even if the viewer is able to
download the electronic record, it may not be printable in the same format in
which it was viewed. Once downloaded the electronic record may be inadvertently
changed by the viewer every time it is brought up on the screen; and if this
is possible the electronic record thus becomes useless to prove its contents.
Consumers can potentially benefit from receiving
information electronically, but the electronic transmission of contracts, notices
and disclosures should not change the extent to which consumers can use or rely
on these documents as they could when they were provided on paper. Replacing
these essential paper notices and contracts with electronic records should not
be done without adequate assurances that consumers will be able to receive and
retain electronic information in a useful format.
III. Policies providing electronic signatures with equivalent legal
status to physical signatures must not establish a framework for
consumers to be unfairly burdened with losses resulting from the misuse
of their electronic signatures.
The assumptions about physical signatures do not
easily translate to electronic signatures. In the real world context, in a court
proceeding a person who denies that the signature on a contract is really his
must present some proof before the party claiming under the signature is required
to prove it is valid. Proof that a person's signature was not made by
that person is relatively easy to present; one can simply say "Look, it doesn't
look like my signature, here is what my signature really looks like." Or "I
was nowhere near the place the contract was signed on that day, I was at the
beach, and here is my hotel receipt to prove that I was at the beach." Once
some proof is provided challenging the validity of the signature, the rules
as to which party then has the burden of proof on the validity of the signature
vary depending upon whether the contract in question is governed by the Uniform
Commercial Code or by common law contract law. But the significant point is
that in both cases, in order to open up the question regarding the validity
of the physical signature some proof must be provided.
The federal and state bills currently being considered
simply transfer these common law rules of burdens of proof to the validity of
electronic signature. But these rules do not translate into a fair system in
the context of electronic commerce. Asking a person to provide some proof that
an electronic signature was not made by that person is asking a person
to provide proof of a negative. All a person can really say is something along
the lines of: "I did not sign that document." "It was not me that typed in the
password, or the macro that initiated my digital signature." What kind of proof
can an individual offer to show that they did not type in some letters or words
in an electronic transaction? It will be virtually impossible for individual
consumers to prove this negative. The result will be that many, many consumers
will be forced to pay for goods or services they did not purchase, and from
which they did not benefit.
Of course, these concerns may not apply when electronic
signatures are based upon biometrics. But the UETA and the federal bills cover
all electronic signatures, the typing of one's initials, a digital signature,
or a thumb print, and more.
Once electronic signatures are provided the same
legal status as handwritten signatures there must be some new consumer
protections. Electronic signatures must meet certain standards to provide all
parties with assurances against forgery; the authentication technologies should
accessible equally to both parties in electronic transactions; and the law should
provide consumers with protection from loss when there is a technology failure.
Electronic signatures which are given the same
legal weight as their handwritten counterparts have much greater risk of forgery,
duplication, and identity theft. As a result, businesses should not be permitted
to make complicated technology choices and put the risks on consumers. Businesses
have superior access to information about electronic commerce, and technology,
as well as the ability to limit, and plan for the risks created by electronic
commerce. Consumers have neither the access to information nor the expertise
necessary to evaluate the appropriateness of a given technology. Permitting
risk shifting to consumers in this situation is bad policy.
To ensure that a robust infrastructure for electronic
commerce emerges, the responsibility and liability for technology failures should
be squarely on the shoulders of certificate authorities, manufacturers, or the
businesses dictating the technology to be used. When there is a gross inequality
of bargaining power between the parties -- as is typical in most transactions
between consumers and business -- one party will likely dictate the authentication
technology to be used, and will likely require the consumer to bear the risk
of misuse. The security of online interactions is critical to both businesses
and consumers; at the least the risk should be shared. At best, the risk from
misuse should be placed on the party dictating the particular authentication
technology.
Dishonest businesses could require or permit a
form of authentication to be used that is corruptible or unreliable. The use
of weak authentication tools may place the consumer in a worse position than
the absence of authentication. In the consumer context, the risk of misunderstanding
any risk-shifting consequences from adopting an authentication procedure are
even greater than in the business to business context since such a rule is directly
contrary to the rules that now apply in other similar consumer transactions.
As a result, a law that peremptorily establishes the legality of any authentication
technology agreed to must ensure that consumers are not bound by the unauthorized
use of an online authentication procedure. Unless fraud and error losses associated
with online transaction technologies are allocated to technology providers and
online vendors, there will be no incentive for investment in the further improvement
of the technologies in use. Liability standards must be clearly established
in the law.
Electronic commerce requires the development of
reliable methods of verifying the identity and capacity of contracting parties.
We look forward to a robust online marketplace built upon strong security protections
for the individual's identity, personal information, commercial transactions
and communications. However, at this time such a framework does not exist. Requiring
courts to give the same weight to electronic signatures without assessing the
different risks posed by online commerce will unintentionally harm consumers.
There is a better framework to apply to electronic
signatures than simply the common law rules of physical signatures: the rules
created by this Congress for the use of credit cards under the Fair Credit Billing
Act. Congress realized when the credit card system was authorized that it was
logical and appropriate to put the risk of loss from fraud, theft, or system
failure on the industry creating and maintaining the credit card system. The
clear beneficiaries of this statutory transfer of risk of loss: the credit industry
which has enormous profits from credit cards, and merchants for whom the use
of credit cards facilitates millions of dollars of sales each year.
An electronic signature is much more like a credit
card than it is like a physical signature. It is an electronic device which
binds the holder of the credit card to a promise to pay. An electronic signature
is also an electronic device — outside the body of the owner — which can bind
the owner to a promise to pay. Unauthorized use is a likely possibility in many
situations. Who should bear the burden of loss when this occurs?. If the use
of electronic signatures is left to the rules applied to physical signatures,
consumers will bear the cost. This will neither be fair, nor will it appropriately
facilitate electronic commerce. A better rule would be to put the burden of
proof of unauthorized use of electronic signatures on the merchant in merchant
to consumer transactions. This will force the electronic commerce industry to
create a system for using and accepting electronic signatures that limits losses
from fraud, mistake, theft and system breakdowns to an absolute minimum — because
the creators of the system will bear the losses.
IV. Recommended consumer protections for electronic commerce.
To maintain the status quo; to ensure that consumers
are protected while advancing a healthy and vigorous electronic marketplace,
the same assumptions that apply in the physical world must be made explicitly
applicable to electronic commerce. In consumer transactions, electronic records
should be permitted to replace paper writings only when the following rules
are in place:
1. Electronic contracts should only be allowed
to replace paper contracts when the transaction truly occurs in electronic
commerce. Electronic contracts should not be permitted to replace paper
contracts when the transaction has actually occurred in person.
2. Electronic contracts should only be permitted
to replace paper contracts when the basic assumptions that are inferred
about paper are required to be applied to the electronic transaction:
a) The consumer must have the capacity
to receive, retain and print the electronic contract.
b) The contract must be provided to both
parties in a format that they can each retain, and print.
c) The contract must be provided to both
parties in a format that prevents alteration after it has been received.
3. Consumers should be permitted to request
paper copies of their electronic contracts to address the possibility that
a consumer may be mistaken about the capacity of a computer to receive,
retain or print the electronic contract. This is especially necessary if
the law permits parties to contract from public access computers such as
in public libraries or schools, or shopping malls.
4. Electronic records should not be
permitted to replace written notice and disclosures which are provided at
a time later than the contract is entered into, unless specific rules are
developed to
a) ensure that the consumer continues
to have the capacity and willingness to receive the electronic records;
b) establish reasonable rules regarding
electronic delivery and electronic receipt of these records which are
equivalent to the delivery rules in the physical world in state law;
c) requires the integrity of the record.
5. Electronic contracts must be required to
use electronic signatures which are reasonably linked to the contracting
parties.
6. Electronic signatures must only be permitted
to replace physical signatures when the risk of loss from the failure of
the authentication technology, either through fraud, mistake, technological
failure or theft falls on the merchant. In consumer to consumer transaction,
the risk of loss can be determined by agreement.
Conclusion
Consumers will welcome the opportunity to engage
in safe and secure online transactions. However, safety and security are built
upon our long history of providing strong consumer protections. Consumer protections
equivalent to those found in the offline world must be built into the online
marketplace. The U.S. Department of Commerce should develop a blueprint to address
the consumer protection concerns identified above. We look forward to working
with you to ensure that consumer protections are a vital part of the online
marketplace.
and NCLC