The COVID-19 pandemic has fundamentally altered the way we live and conduct business. Most non-essential businesses have closed their offices and established entirely remote workforces, and many individuals may be in quarantine, which means that “wet” signatures on paper can be highly inconvenient. This reality has focused more attention on electronic formats. In this blog post we examine the landscape of electronic signatures in light of the pandemic and what it will mean for signature requirements going forward. Electronic signatures apply to both agreements entered into online, such as when completing an internet transaction or assenting to a contract via email, as well as paper documents. With businesses wondering under what circumstances electronic signatures are binding, this post briefly lays out what rules businesses need to follow.

The District of Utah ruled in late May that Section 230 of the Communications Decency Act, 47 U.S.C. §230 (“CDA”) shields The Tor Project, Inc. (“Tor”), the organization responsible for maintaining the Tor Browser, from claims for strict product liability, negligence, abnormally dangerous activity, and civil conspiracy.

The claims were asserted against Tor following an incident where a minor died after taking illegal narcotics purchased from a site on the “dark web” on the Tor Network. (Seaver v. Estate of Cazes, No. 18-00712 (D. Utah May 20, 2019)). The parents of the child sued, among others, Tor as the service provider through which the teenager was able to order the drug on the dark web. Tor argued that the claims against it should be barred by CDA immunity and the district court agreed.

UPDATE:  Subsequent to the introduction of the New York City Council biometric privacy bill, on March 5, 2019 members of the Florida legislature introduced the “Florida Biometric Information Privacy Act” (SB 1270).  The statute generally follows the Illinois Biometric Information Privacy Act (BIPA) regarding notice and consent requirements and notably provides for a private right of action and the availability of statutory damages.  As with the New York City bill, we will follow the progress of the Florida bill, as well as other pending biometric privacy legislation (e.g., Montana’s HB 645, which was introduced on March 1, 2019 and is another BIPA-like bill, but only allows enforcement by the state attorney general).

UPDATE: Both the Florida and Montana bills died in committee this past spring.

In light of the recent decision by the Illinois Supreme Court in Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186 (Ill. Jan. 25, 2019), it is worth remembering that late last year, New York City Council members Ritchie Torres (and additional co-sponsors) introduced a bill for the city council to consider that would regulate the use of biometric technology in New York City. Bill Int. No. 1170 (the “Bill”) would amend Section 1, Chapter 5 of Title 20 of the Administrative Code of the City of New York and require businesses (but not governmental actors) to give notice to customers if they are collecting “biometric identifier information.” The Bill, which contains some similar provisions to the Illinois Biometric Information Privacy Act (“BIPA”), includes a private right of enforcement but avoids the statutory standing issue litigated in Rosenbach by providing that “any person who[se] biometric identifier information was collected, retained, converted, stored or shared in violation of [the law] may commence an action.”  If enacted, this bill could lead to a deluge of individual and class action suits in New York based on biometric activity.

In an effort to modernize communications, the Federal Communications Commission (“FCC”) decided to allow cable operators to deliver general subscriber notices required under so-called Subpart T rules (47 CFR §§ 76.1601 et seq.) to verified customer email addresses. This decision was announced through a Report and Order on November 15, 2018. This update is part of the greater trend towards using electronic communications and electronic contracting to replace paper as supported by the federal Electronic Signatures in Global and National Commerce Act (“E-Sign Act”) and related state laws. The E-Sign Act allows electronic records to satisfy legal requirements that certain information to be provided in writing if the consumer has affirmatively consented to such use. However, the E-Sign Act allows federal agencies like the FCC to exempt a specified category or type of record from the normally required consent requirements if it makes the agency’s requirements less burdensome and does not harm consumers. In this case, based on an understanding that it would be impractical for cable operators to attempt to receive permission from each individual customer prior to initiating electronic delivery of these general notices, the FCC waived the consent requirement pursuant to their discretion under the E-Sign Act.

In what is one of the most recent attempts to circumvent the immunity provided in Section 230 of the Communications Decency Act (“CDA” or “CDA Section 230”), the United States District Court for the District of Massachusetts made it clear that claims brought under the Defend Trade Secrets Act (18 U.S.C. §§ 1836, et seq.) (“DTSA”) are not exempt from the scope of CDA immunity. In Craft Beer Stellar, LLC v. Glassdoor, Inc., No. 18-10510, 2018 U.S. Dist. LEXIS 178960 (D. Mass. Oct. 17, 2018)), the district court found that, as stated in the DTSA itself, the DTSA is not an “intellectual property” law, and is therefore not excluded from the scope of the immunity provisions that protect online service providers from being treated as a publisher or distributor of third-party content. The ruling is a victory for online providers, affirming a robust interpretation of CDA immunity and representing what is likely the first judicial view on how federal trade secret claims should be treated under CDA Section 230.