HOUSE BILL REPORT

                 ESB 6582

 

             As Reported By House Committee On:

                      Commerce & Labor

 

Title:  An act relating to electronic signatures.

 

Brief Description:  Refining electronic signature law.

 

Sponsors:  Senators Finkbeiner, Horn and Fraser; by request of Secretary of State.

 

Brief History:

  Committee Activity:

Commerce & Labor:  2/23/98, 2/26/98 [DP].

 

HOUSE COMMITTEE ON COMMERCE & LABOR

 

Majority Report:  Do pass.  Signed by 8 members:  Representatives McMorris, Chairman; Honeyford, Vice Chairman; Conway, Ranking Minority Member; Wood, Assistant Ranking Minority Member; Boldt; Clements; Hatfield and Lisk.

 

Staff:  Pam Madson (786-7166).

 

Background:  On January 1, 1998, the Washington Electronic Authentication Act became effective.  This law allows the use of digital signature technology in electronic transactions and creates a process for licensing certification authorities.

 

Digital signature encryption systems are used to both protect the confidentiality of an electronic document and authenticate its source.  These systems operate on the basis of two digital keys, or codes, created by the person desiring to send encrypted messages.  One key is the "private" key, which is known only to the signer of the electronic message, and the other is the signer's "public" key, which is given to individuals with whom the sender wishes to exchange the confidential or authenticated message.  The public key is used to verify both that the message was signed by the person holding the private key and that the message itself was not altered during its transmission.

 

To verify the ownership of public keys, each public key is provided with a computer-based certificate of authenticity.  These certificates are created by "certification authorities," which guarantee that the public keys they certify belong to the people possessing the corresponding private keys.

 

To qualify for a license, a certification authority must be a subscriber of a certificate published in a recognized repository.  The authority may not hire persons who have been convicted of a felony in the past 15 years or have been convicted of a crime involving fraud, false statement or deception.  The authority must also present proof of sufficient working capital to operate as a certification authority.

 

Certain information regarding trade secrets or information on design, security or programing of computer systems used for licensing in the possession of government agencies are not specifically exempt from public disclosure.

 

The office of the Secretary of State has responsibility for implementing and administering the Electronic Authentication Act.  A working group convened by the Secretary of State to assist with implementation has recommended a number of changes to the original act.  The changes relate primarily to the licensing requirements and procedures for certification authorities.

 

Summary of Bill:  Licensing requirements for certification authorities under the Washington Electronic Authentication Act are modified.  The requirement that the certification authority be a subscriber to a certificate published in a recognized repository may include the Secretary of State acting as a repository.  An authority may not hire a person who has been convicted of a felony in the past seven rather than 15 years.  To violate this requirement, the authority must knowingly hire a person with a felony conviction.  If criminal background is provided as part of the licensing process, the authority is assumed to have knowledge of that background and any felony conviction contained in it.

 

The requirement that the certification authority provide proof of sufficient operating capital to function as an authority is removed as a licensing requirement.

 

Information regarding trade secrets and the design, security or programing of computer systems used for licensing in the possession of government agencies is protected from public disclosure. The state auditor is authorized to have access to this information but is not authorized to disclose it to the public for inspection or copying.

 

Appropriation:  None.

 

Fiscal Note:  Not requested.

 

Effective Date:  Ninety days after adjournment of session in which bill is passed.

 

Testimony For:  This bill is the same as Substitute House Bill 2931 that was passed to the Senate.  Reducing the number of years required for criminal background checks will reduce the expense of providing background checks.  The standard background check is seven years rather than 15.  By adding the term "knowingly," a certification authority would not be liable for hiring someone who had been convicted of a felony if the background check did not disclose the felony and a criminal conviction was disclosed later.  The requirement for disclosing working capital in the application process is eliminated because it has been found not to be a very good indicator of fitness for business in this industry.  There is a requirement for bonding that is a better indicator.  Other changes remove some unnecessary administrative burdens and at the same time ensures the integrity and security of digital signature services.

 

Testimony Against:  None.

 

Testified:  (In favor)  Mike Riccio, Secretary of State; and David Danner, Department of Information Services.