b4bpartner Inc. - ESIGN Comments

b4bpartner Inc.

March 16, 2001

Via Email

Secretary, Federal Trade Commission
Room H-159
600 Pennsylvania Avenue, N.W.
Washington, D.C. 20580

National Telecommunications and Information Administration
14^th Street and Constitution Avenue, N.W.
Washington, D.C. 20230
Attn: Sallianne Fortunato

RE: ESIGN Study - Comment P004102

Dear Sir/Madam:

b4bpartner Inc., an electronic document software company ("b4bpartner"), is submitting comments in connection with the request for comments to the Consumer Consent provisions of the Electronic Signature Global and National Commerce Act (66 Fed. Reg. 10011/February 13, 2001).

Background of b4bpartner

b4bpartner provides electronic document software to major U.S. financial institutions. b4bpartner provides web vault software that allows the customer of a financial institution to store, access, share, track, control and manage his electronic documents in a secure online environment from the institution's web site. The institution can electronically deliver statements and agreements to the customer's web vault. In addition, b4bpartner integrates its web vault technology with its form generator software to allow customers to electronically review, correct and sign documents from the web vault. Accordingly, b4bpartner realizes the importance and value of electronic records and electronic signatures wants to ensure that the benefits of any precautionary procedures are balanced against the potential negative affect on consumer adoption rate.

General Issues

1. Affect of Consumer Consent Prior to Delivery of E-Records: The opt-in requirement to the delivery of electronic records will have a negative affect on consumer adoption rates for relying solely on electronic records because it is another action that must occur before the business can eliminate the physical paper delivery requirement. However, we see that businesses (particularly certain online brokerage firms) are incorporating the request and receipt of consumer consent within the other documentation that must be executed at the commencement of the relationship. For example, the consent is incorporated into the Online Brokerage Agreement by certain financial institutions.

2. Statutory Changes to Assist in Implementation: There is a significant concern by financial institutions with the coordination of statement delivery to consumers that rescind the consent to receive electronic records. For example, if a consumer initially consents to receiving electronic records and then subsequently rescinds such consent, it may be difficult for the institution to provide a paper statement to the consumer within the legally required timeframe. Therefore, it would be appropriate to provide some exculpatory provision that limits the financial institution's liability if it provides the paper statement to the consumer prior to the later of (a) the deadline prescribed by law or regulation; or (b) within a reasonable period of time after consent to receive electronic records is revoked by the consumer.

The ESIGN Act should be modified to allow any account holder to consent to the receipt of electronic records for all consumers on such account. For example, if a bank was delivering electronic bank statements to a consumer and the consumer adds another name to the account (e.g., a spouse), any account holder should be able to consent to the receipt of such electronic record. The ESIGN Act should provide that consent by one consumer on an account is attributed to all consumers on such account. This modification would make the ESIGN Act consistent with 12 CFR 230.3(d) of Regulation DD (Truth in Savings).^⁽¹⁾

If electronic records are inadvertently sent to the consumer before the consumer consent and the consumer subsequently consents to the receipt of electronic records and releases the business from any prior improper electronic record delivery, such release should exculpate the business. For example, if a consumer electronically signs a loan application with federally mandated disclosures without consenting to receive electronic records but executes such consent at an electronic loan closing, such consent should exculpate the financial institution.

3. Benefits and Burdens from Affirmative Consent: The potential class action lawsuits and bad publicity to a financial institution that provides electronic records to consumers that cannot be properly read or retained is sufficient incentive to cause the institution to employ good business practices regardless of the ESIGN Act consent requirement. On the other hand, an under-capitalized, uninsured or unscrupulous business that is not concerned with lawsuits or bad publicity is also not likely to be concerned with the requirement to obtain consumer consent. Therefore, the consumer consent requirement is probably an unnecessary burden on those institutions that otherwise would obtain such consent and is probably not a deterrent to those institutions to which it is directed.

4. Suggested Improvements: See proposed modifications under paragraph 2. Also, in Arthur Levitt's Letter to Industry, Regarding T + 1 (February 16, 2001), he outlines the goal of the securities industry to clear trades within 24 hours by 2004. This process requires revisions to shorten the current 48 hour prospectus delivery requirement. The provisions of the ESIGN Act directly affect the securities industry's ability to achieve the T + 1 standard and "straight through processing." Therefore, Congress could take the opportunity to shorten the 48 hour prospectus delivery requirement when reviewing the ESIGN Act.

5. Additional Issues to be Considered: We believe that security and privacy should be addressed by this study. For example, if a consumer consents to receiving electronic bank statements via unencrypted email, there are significant security and privacy issues. The consumer may not be in a position to understand these issues. The SEC loosely addressed this standard in SEC Release 33-7288 (May 9, 1996). b4bpartner believes that any legal requirements as to the delivery of electronic records that contains confidential information (e.g., Social Security number, financial information, health records, etc…) should also include a requirement to incorporate technology that protects the confidentiality, integrity and security of the transmitted electronic record.

Business Issues

6. Requesting Consumer Consent to e-Records: Not applicable

7. Method of Consent: b4bpartner presents a Consumer Consent Form to the consumer for electronic execution. Once the document is electronically signed, b4bpartner's software delivers the electronically signed Consumer Consent Form to the consumer with an opportunity for the consumer to indicate whether he or she can view the document. All future electronic records are delivered to the consumer using the same format as the electronically signed document.

8. Electronic Consent Practice Based on ESIGN Act: SEC Release 33-7288 and Federal Reserve Board's Interim and Proposed Rules to Section 230.6(c) of Regulation DD (64 Fed. Reg. 49848, September 15, 1999) governing the electronic delivery of federally mandated disclosures by financial institutions support the delivery of electronic records to consumers in lieu of paper.

9. Types of Transactions using Consent prior to E-Record: b4bpartner currently sees that e-records are most prevalently used in the online brokerage industry with confirmation statements. There has not yet been significant adoption by banks or insurance companies, two industries that likely will realize substantial savings from the conversion of paper delivery to electronic record transmission.

10. % of Transactions per Month Requiring Distribution of Written Records: Not applicable

11. Costs of Providing Customers with Option of Electronic Consent: Not applicable

12. Burdens Associated with Providing E-Records to Consumers: From the experience of b4bpartner, the business that provides electronic records to its consumers via the Internet will maintain its own proprietary document management system that keeps a copy of all electronic records. In lieu of providing the consumer with access to this system which could be a security weakness, the business delivers the electronic records to a directory outside of its firewall and then b4bpartner's software accesses those records and posts it in the appropriate customer web vault. Therefore, the business maintains duplicative data which increases infrastructure and hardware costs. However, b4bpartner has found that this cost is significantly less than maintaining, copying, distributing, accessing and managing paper files.

13. Economies and Benefits from E-Record Distribution: No information

14. Benefits of Providing E-Records Outweighing Burdens for Businesses: b4bpartner believes that the benefits of providing electronic records to a consumer significantly outweigh the corresponding burdens. In addition to the elimination of tangible costs such as postage, printing, paper, storage and retrieval systems associated with paper, an electronic delivery system has significant intangible benefits. With immediate access to records by the consumer, call center requests for paper statements should be reduced. Also, by providing immediate access to records through the business's web site, the consumer's burden of storing and managing paper is eliminated. This benefit should create a stronger relationship between the consumer and the business.

15. Consumer or Employee Feedback: No information

16. Methods to Verify Consumer Consent: b4bpartner addressed the first issue in paragraph 7 above. The other issue addresses the authentication and attribution of the consumer's execution. b4bpartner has incorporated several procedures to address this issue. If the customer signs the Consumer Consent Form without a digital certificate, b4bpartner employs technology that authenticates the customer in real-time by asking the customer to provide certain confidential information to confirm his identity. The IRS uses a similar form of a "shared-secret" authentication with the electronic signing of income tax returns by querying the taxpayer's social security number and information from the prior year's income tax return. With a digital certificate, b4bpartner can authenticate the customer based on information contained on the certificate compared to the information maintained on the customer by the issuing authority of the certificate. This latter method relies on the authentication procedures applied by the issuing authority when the certificate is issued to the customer.

17. Additional Measures to Prevent Consumer Fraud: As stated above, if electronic records are going to be transmitted to the customer, certain confidentiality, security and data integrity measures should be incorporated into the transmission process. For example, the financial institution industry standard is a Secure Sockets Layer (SSL) transmission in which data exchanged between a web server and a customer is encrypted. Unencrypted email lacks many of these security features and should be avoided if any confidential information is being transmitted. As stated above, consumer fraud by unscrupulous businesses is going to continue despite the ESIGN Act. b4bpartner believes that the ESIGN Act only affects businesses that would otherwise employ good and secure business practices regardless of the ESIGN Act requirements. Therefore, it is unlikely that the ESIGN Act will reduce the impact of consumer fraud.

18. Consumer Consent with International Commerce Transactions: No information

19. Reasons for not Providing E-Records: A major reason for the slow deployment of the delivery of electronic records is customer demand. One of our customers recently conducted a survey of his credit card users and offered to reduce their annual expenses if the user would agree to receive electronic records in lieu of paper records. Eighty-seven percent (87%) agreed to pay a higher annual fee to continue to receive paper records. The issue is changed consumer behavior. b4bpartner believes that businesses will have to condition the consumer's acceptance to receive electronic records over a period of time by (a) not charging the consumer to receive electronic records and (b) providing both electronic records and paper records for a period of time to profitable customers until this market segment realizes that they no longer have to manage paper records. As the market segment becomes more accepting of electronic records, mainstream consumers will begin to demand such services. This transition will take a number of years.

The acceptance to deploy electronic delivery systems could be accelerated with the dissemination of cost/benefit analysis information. With the current economy, financial institutions are reluctant to integrate and deploy new technology and business processes without an ascertainable return on investment model. Any dissemination of cost/benefit information or Congress adopting business tax credits to initially encourage and support the delivery of electronic records would greatly accelerate this transition process.

Consumer Issues

20. Frequency of Requesting E-Records: I have personally opened brokerage accounts at E*Trade and Fidelity. Both of these online brokerage firms provide for the delivery of electronic records to the customer.

21. Receiving E-Records: Yes and yes.

22. Effect of Providing Prior Consent to E-Records: I provided my consent to receive electronic records to both E*Trade and Fidelity. In both instances, these businesses provided me with the legal requirements regarding my options to receive paper and to rescind my consent before I received any electronic records.

23. Consumer Benefits of E-Records: The benefits are numerous, including (a) organized electronic records; (b) easier preparation of income tax return; and (c) elimination of paper files. b4bpartner's technology addresses the deficiencies of these current systems - (i) the inability to securely share and track electronic records with advisers and third parties; (ii) the inability to securely store other electronic records in one Internet-accessible location; (iii) the inability to deposit copies of agreements that I electronically sign into such location; and (iv) the inability to fax documents directly into such location.

24. Benefits of Providing E-Records Outweighing Burdens for Consumers: The benefits described in paragraph 23 exceed the burdens associated with consumer consent.

Technology Issues

25. Software Programs Enabling Electronic Consumer Consent: No. b4bpartner is one of a handful of software vendors that provide this type of e-signature technology incorporating a web vault solution for secure delivery of electronic records with an e-document and e-signature solution.

26. Methods to Verify Confirmation is Transmitted: See paragraph 16.

27. Additional Technology: No additional technology is needed to accomplish consumer consent or consumer authentication. b4bpartner has incorporated a real-time Internet process to authenticate the user based on a "shared-secret" approach. Other solutions include digital certificates that would require additional technology. The authentication is shifted from the web site accepting the digital signature to the issuing certificate authority. This method is a viable solution to authentication but may be several years from mass consumer adoption because of the relatively low current adoption rate and usage of digital certificates by consumers.

28. Impact of Newer Technology with Consumer Consent: Congress did a fine job in drafting the ESIGN Act as technology neutral legislation. Any amendments or regulations relating to the ESIGN Act should also be technology neutral to allow the industry to adopt newer and better technologies without concern of whether such technologies are legally compliant.

COPY(Document ID: 0000000066200103162207180000000309)

Document electronically signed by Tom Wells, as agent for b4bpartner Inc., 03/16/2001 22:07:18

1. Multiple consumers. If an account is held by more than one consumer, disclosures may be made to any one of the consumers.