HOUSE BILL ANALYSIS

                     HB 2931

 

 

Brief Description:  Refining electronic signature law.

 

Sponsors:  Representatives McMorris, Conway and B.Thomas; by request of Secretary of State.

 

                  Hearing:  February 4, 1998

 

BACKGROUND:

 

On January 1, 1998, the Washington Electronic Authentication Act became effective.  This law allows the use of digital signature technology in electronic transactions and creates a process for licensing certification authorities. 

 

Digital signature encryption systems are used to both protect the confidentiality of an electronic document and authenticate its source.  These systems operate on the basis of two digital keys, or codes, created by the person desiring to send encrypted messages.  One key is the Aprivate@ key, which is known only to the signer of the electronic message, and the other is the signer=s Apublic@ key, which is given to individuals with whom the sender wishes to exchange the confidential or authenticated message.  The public key is used to verify both that the message was signed by the person holding the private key and that the message itself was not altered during its transmission. 

To verify the ownership of public keys, each public key is provided with a computer-based certificate of authenticity.  These certificates are created by Acertification authorities,@ which guarantee that the public keys they certify belong to the people possessing the corresponding private keys.

 

To qualify for a license, a certification authority must be a subscriber of a certificate published in a recognized repository.  The authority may not hire persons who have been convicted of a felony in the past 15 years or have been convicted of a crime involving fraud, false statement or deception.  The authority must also present proof of sufficient working capital to operate as a certification authority. 

 

Certain information regarding trade secrets, information on criminal background of individuals  or information on design, security or programing of computer systems used for licensing in the possession of government agencies are not specifically exempt from public disclosure.

 

The office of the Secretary of State has responsibility for implementing and administering the Electronic Authentication Act.  A working group convened by the Secretary of State to assist with implementation has recommended a number of changes to the original act.  The changes relate primarily to the licensing requirements and procedures for certification authorities.

 

SUMMARY OF BILL:

 

Licensing requirement for certification authorities under the Washington Electronic Authentication Act are modified.  The requirement that the certification authority be a subscriber to a certificate published in a recognized repository may include the Secretary of State acting as a repository.  An authority may not hire a person who has been convicted of a felony in the past 7 rather than 15 years.  To violate this requirement, the authority must knowingly hire a person with a felony conviction.  If criminal background is provided as part of the licensing process, the authority is assumed to have knowledge of that background and any felony conviction contained in it.

 

The requirement that the certification authority provide proof of sufficient operating capital to function as an authority is removed as a licensing requirement.

 

Information regarding trade secrets, information on criminal background of individuals or on the design, security or programing of computer systems used for licensing in the possession of government agencies is protected from public disclosure.  The state auditor is authorized to have access to this information but is not authorize to disclose it to the public for inspection or copying.

 

RULES AUTHORITY:  The bill does not contain provisions addressing the rule making powers of an agency.

 

FISCAL NOTE:  Not requested.

 

EFFECTIVE DATE:  Ninety days after adjournment of session in which bill is passed.