Re: [PLUG] Signing contracts digitally?

[Rich Freeman <r-plug@thefreemanclan.net>]

On Fri, Feb 21, 2014 at 4:07 PM, brent timothy saner
<brent.saner@gmail.com> wrote:
> Thanks, this was fairly informative. Do you happen to have any
> contacts you can send me off-list that would perhaps have legal
> experience with this?

I don't mind conversing a little off-list myself about how the FDA
views these things, but I don't really have any contacts that deal
with the issue in general.

Your needs here are likely to be fairly different from mine.  The
sorts of electronic signatures the FDA is concerned with are fairly
unlikely to be contested.  Usually they represent certifications that
a particular process was followed, and all the signatories on some
kind of document or piece of data work for the same company, or for
subcontractors/etc.

If there is any kind of dispute, it is likely to be of a sort where
the parties are not evenly matched.  Perhaps it will be discovered
that some doctor falsified some data in order to enroll more patients
in a clinical trial and get paid more.  In such a situation the
company that paid the doctor is going to be doing whatever they can to
make the FDA happy, and as long as the FDA doesn't suspect the problem
is systemic they'll take the companies side and prosecute the doctor.
That means that everybody with knowledge of the systems and processes
involved will be on one side of the case, and if it gets that far
there is likely already a mountain of evidence against the doctor, of
which the signatures are just the icing on the cake.

So, when the FDA asks questions about an electronic signature system
they're more concerned with whether the rules were followed, and
they're more interested in the larger process the signatures fit into
(which is likely a process mandated by regulation).

You see more interested in signatures by parties in a contract/etc,
which are much more likely to be involved in an adversarial dispute
down the road.  Perhaps one party might seek to invalidate the
original agreement.  So, you need to ensure that you have enough data
supporting the authenticity of the signature and integrity of the
processes around that to avoid losing in court.

However, I suspect the signature really isn't the biggest problem.
The content of the document is really what I think you need to
protect.  People sign contracts because they engage in some kind of
exchange of goods/services (if there is no exchange, then generally
there is no contract regardless of what the paper says).  If a court
sees an exchange of goods/services, they're probably going to assume
that a contract of some kind exists (verbal, written, whatever).  Your
challenge is defending the assertion that the terms are what you say
they are.

If somebody wants to get out of a loan and goes to court arguing that
they never agreed to a loan, the court isn't going to buy it, as no
bank just hands out money.  However, if you argue that it was an
unsecured loan, or dispute the interest rate or other details of the
transaction, the court will certainly entertain the argument.

So, I'm not a lawyer, but anytime you set up a system like this you
need to think about who would dispute its output, and how to ensure
that you have a reasonable answer when this happens.  That might
involve technology, process, people, etc.  If you back up data and
transfer it to a third party immediately after it is collected, then
if somebody wants to argue that you tampered with the data they have
to argue that the third party colluded with you, and so on.

Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug