FINAL BILL REPORT

                 SHB 2931

                          C 33 L 98

                     Synopsis as Enacted

 

Brief Description:  Refining electronic signature law.

 

Sponsors:  By House Committee on Commerce Labor (originally sponsored by Representatives McMorris, Conway and B. Thomas; by request of Secretary of State).

 

House Committee on Commerce & Labor

Senate Committee on Energy & Utilities

 

Background:  On January 1, 1998, the Washington Electronic Authentication Act became effective.  This law allows the use of digital signature technology in electronic transactions and creates a process for licensing certification authorities. 

 

Digital signature encryption systems are used to both protect the confidentiality of an electronic document and authenticate its source.  These systems operate on the basis of two digital keys or codes created by the person desiring to send encrypted messages.  One key is the private key, which is known only to the signer of the electronic message, and the other is the signer's public key, which is given to individuals with whom the sender wishes to exchange the confidential or authenticated message.  The public key is used to verify both that the message was signed by the person holding the private key and that the message itself was not altered during its transmission. 

 

To verify the ownership of public keys, each public key is provided with a computer-based certificate of authenticity.  These certificates are created by certification authorities, which guarantee that the public keys they certify belong to the people possessing the corresponding private keys.

 

To qualify for a license, a certification authority must be a subscriber of a certificate published in a recognized repository.  The authority may not hire persons who have been convicted of a felony in the past 15 years or have been convicted at anytime of a crime involving fraud, false statement or deception.  The authority must also present proof of sufficient working capital to operate as a certification authority. 

 

Certain information regarding trade secrets or information on design, security, or programing of computer systems used for licensing in the possession of government agencies are not specifically exempt from public disclosure.

 

The Office of the Secretary of State has responsibility for implementing and administering the Electronic Authentication Act.  A working group convened by the Secretary of State to assist with implementation recommended a number of changes to the original act.  The changes relate primarily to the licensing requirements and procedures for certification authorities.

 

Summary:  Licensing requirements for certification authorities under the Washington Electronic Authentication Act are modified.  The requirement that the certification authority be a subscriber to a certificate published in a recognized repository may include the Secretary of State acting as a repository.  An authority may not hire a person who has been convicted of a felony in the past seven rather than 15 years.  The authority violates this provision if it knowingly hires a person with a felony conviction.  If criminal background is provided as part of the licensing process, the authority is assumed to have knowledge of that background and any felony conviction contained in it.

 

The requirement that the certification authority provide proof of sufficient operating capital to function as an authority is removed as a licensing requirement.

 

Information regarding trade secrets and the design, security or programing of computer systems used for licensing in the possession of government agencies is protected from public disclosure.  The state auditor is authorized to have access to this information but is not authorized to disclose it to the public for inspection or copying.

 

Votes on Final Passage:

 

House960

Senate451

 

Effective:June 11, 1998