The e-FAC: one year later.

• Author: Wondracek, Jennifer
• Position: Electronically printed Florida Administrative Code

In the middle of October 2012, a former student came to my office and asked me what the "FAR" was. I immediately thought of the Federal Acquisition Regulations, but this was a Florida publication. After some research, I found out that the Florida Legislature had changed the name of the Florida Administrative Weekly to the Florida Administrative Register (FAR) as of October 1, 2012. The legislature also made further changes to the publication content and frequency. The biggest change of all, however, was switching the official format of the Florida Administrative Code (FAC) from print to electronic.

This article opens with a brief history of the evolution of the FAC and FAR from print to electronic. Next, the issues that arise when legal materials, especially official legal publications, migrate from print to electronic formats are examined. State projects to digitize official legal materials and the Uniform Electronic Legal Materials Act (UELMA) are discussed, as well as the consequences, both positive and negative, of moving the FAC and FAR online. Solutions to the negative consequences are also addressed.

Brief History of the Florida Administrative Code and Florida Administrative Register

The Florida Legislature created the biannual Florida Administrative Code and the monthly Florida Administrative Register in 1961 through the enactment of the Florida Administrative Procedures Act (APA). (1) The purpose of this act was "to set forth a uniform method of procedure under which each administrative agency will be obligated to operate so as to afford the regulated individual the fundamental guarantees insured to him [or her] by the federal and state constitutions." (2) In 1974, the legislature replaced the 1961 law with a more modern version of the APA, which changed the frequency of the updates to the FAC to monthly. (3) The 1974 APA also renamed the FAR to the Florida Administrative Weekly (FAW) and required it to be issued on a weekly basis. Afterwards, the FAC and FAW were fairly stable publications for a long period of time, with minor modifications.

Efforts to turn the FAC and FAW into electronic versions began about 10 years ago. In 2004, the legislature changed the frequency of the FAC to a "continuous revision system," (4) eliminating a set period, such as one month or year, for revisions to the FAC. This can be difficult to implement in a print system due to the constant need to print and ship updates. The legislature created the electronic version of the FAW (E-FAW) in 2006. (5) The electronic FAC (E-FAC) followed in 2008. (6) In 2012, the legislature took a major leap into the digital world, making the E-FAC and E-FAW the official versions and making the print versions optional. (7) The 2012 act also renamed the FAW back to the Florida Administrative Register. Both publications are now "continuous revision and publication[s]." (8) There were several reasons for the 2012 changes: 1) a more efficient government, 2) reduced workload for the Department of State, and 3) to "streamline information." (9) Florida Department of State Legislative Affairs Director Christie Burrus also mentioned that several publications of the Administrative Codes and Registers Section of the National Association of Secretaries of State "indicated that states were moving toward continuous publication of their registers, and an electronic copy of both the Register and Code, as the official version." (10)

Issues with Electronic Legal Materials in General

Authentication is an issue that should be familiar to attorneys. Every time an attorney prepares for a trial, he or she must carefully build up the necessary information, such as proof of the chain of custody, to authenticate pieces of evidence that the attorney wants to enter into the record. This is an issue important enough to attorneys and courts that the rules of evidence at the federal and state levels contain rules dealing with what is needed to prove authenticity. (11) Unfortunately, electronic versions of state laws have not received the same scrutiny.

What does authentication mean? According to the American Association of Law Libraries' "State-By-State Report on Authentication of Online Legal Resources," an authentic legal resource is:

one whose content has been verified by a government entity to be complete and unaltered when compared to the version approved or published by the content originator. Typically, an authentic text will bear a certificate or mark that conveys information as to its certification, the process associated with ensuring that the text is complete and unaltered when compared with that of the content originator. An authentic text is able to be authenticated, which means that the particular text in question can be validated, ensuring that it is what it claims to be. (12)

To break this down, authenticated legal resources need to:

* Be a replica of the original text approved by the lawmaker;

* Be verified by the government as accurate and unchanged; and

* Bear some way for the viewer to confirm the government's verification.

Print resources are fairly easy to authenticate. Governments either publish their own books or nominate a specific publisher to publish the "official" source of the law. These official print sources are generally considered to be authentic due to their enduring and unchangeable nature. Online resources, however, do not have the same attributes.

Today, it is quite common to hear about someone hacking a website and changing the words; even governments are not immune. For instance, on November 15, 2013, Reuters reported that the group Anonymous had hacked multiple government websites as early as December 2012 and retained access until October 2013. (13) The agencies included the U.S. Army, Department of Energy, Department of Health and Human Services, and possibly more. With approximately 30,000 websites being hacked each day, (14) and government websites making up 23 percent of those hacked, (15) it is only a matter of time before Florida's legal websites are compromised. As it is right now, the public, including the 98,217 (16) attorneys licensed to practice in Florida, will be unable to see if the hackers have changed any of the language in the documents on the hacked site.

According to Matthew S. Novak,

Authentication of online information is especially important for primary source material, such as court opinions, statutes, and executive documents, as these materials form the base of the legal system. And, if online publication replaces the print resource as the official source for a given title, the issue of authenticity is that much more important, as "[t]he disappearance of print official legal sources without an authentic online substitute critically erodes the bedrock of trustworthy statements of the law." (17)

Because they are, in essence, self-authenticating, electronic legal documents issued or adopted by governments need an extra layer of technology to prove their authenticity, and this need will only increase as time passes and cybercriminals obtain better technology.

There are many ways to authenticate documents, and no one way is the "right" way. For instance, the California Office of Legislative Counsel undertook a study of several different authentication methods and their costs, on which they reported in December 2011. (18) The types of technologies discussed include:

* Secure web sites

* Document hashes (digests)

* Digital signatures: self-signed and public key infrastructure (PKI)

* Certificates

* Proprietary solutions

* Visual signatures

It is beyond the scope of this article to detail all of these technologies and how they can be integrated into an authentication procedure. A brief overview of a legal document authentication program that has been successful over time, underlying the U.S. Government Printing Office's (GPO) Federal Digital System (FDsys), may be helpful to generate a vision of a complete process.

The GPO has been discussing authentication for over a decade. In 2007, the GPO launched a beta test of an authentication certificate program, using the 110th Congress Public & Private Laws, which were made available on GPO Access. (19) Since then, the GPO has progressed to a full-blown authentication program with federal government documents made available on their document portal, FDsys. The technologies used by the GPO to ensure the integrity and authenticity of documents are "digital signatures on PDF files, cryptographic hash values in metadata, evidence of the trusted digital repository through the FDsys archive and access platforms, and demonstration of chain of custody." (20)

While perhaps a bit simplified, the GPO authentication process takes the following basic steps: (21)

* Steps While Posting Documents:

1. GPO applies a unique identification number to each document, referred to as a cryptographic hash.

2. Once a document has been stamped with its cryptographic hash, it is uploaded to FDsys, an advanced, permanent archive...