SENATE BILL REPORT
SB 5308
As Reported By Senate Committee On:
Energy & Utilities, February 25, 1997
Title: An act relating to electronic signatures.
Brief Description: Regulating electronic signatures.
Sponsors: Senators Horn, Finkbeiner, Franklin, Fraser and Winsley; by request of Secretary of State.
Brief History:
Committee Activity: Energy & Utilities: 2/4/97, 2/25/97 [DPS].
SENATE COMMITTEE ON ENERGY & UTILITIES
Majority Report: That Substitute Senate Bill No. 5308 be substituted therefor, and the substitute bill do pass.
Signed by Senators Finkbeiner, Chair; Hochstatter, Vice Chair; Brown, Jacobsen, Rossi, Strannigan and Swanson.
Staff: Phil Moeller (786-7445)
Background: The 1996 Legislature enacted the AWashington Electronic Authentication Act,@ a measure that sets the initial guidelines for regulating electronic Adigital signatures.@ These digital signatures are used to authenticate an electronic transmission.
Digital signatures often involve usage of dual key encryption that uses two digital codes, referred to as Akeys.@ One key is secret, kept confidential by the user. The other key is a public key, more widely known. If a person wants to digitally sign a message, he or she may use the secret key to create a signature. The recipient then uses the sender=s public key to verify the source of the message. The public key will be listed on a certificate that includes additional information about the user and limitations relevant to the transactions. The certificate will be issued by a certification authority that will be responsible for verifying the status of the user.
The existing legislation is slated to become effective on January 1, 1998. The Office of the Secretary of State was given the responsibility of implementing and administering the legislation. A working group convened by the Secretary of State has met regularly to make implementation recommendations, including changes to the original act.
Summary of Substitute Bill: The Secretary of State (Secretary) is given the responsibility to adopt rules pertaining to when a certificate may be suspended or revoked. Provisions are added specifying when the Secretary may suspend or revoke a certification authority=s license to issue certificates.
Licenses are valid for a period of one year, except if the Secretary by rule allows for longer duration. The Secretary is required to provide for a system of license renewal to issue certificates.
Certification authorities are required to obtain a compliance audit at least once per year. Language is removed that specifies levels of compliance and exempts some certification authorities from being audited. Qualifications are listed for auditors that verify compliance audits.
Monetary penalty limits imposed by the Secretary on licensed certification authorities are raised to $10,000 per incident.
Certification authorities are required to use trustworthy systems and the Secretary may specify by rule conditions on the system. When issuing certificates, the requirements are expanded to include that the certificate must provide information to identify repositories in which any revocation will be listed. In an emergency, the Secretary may suspend a certificate for a period not to exceed 96 hours.
Provisions are added specifying that the Department of Information Services may become a licensed certification authority. Cities and counties may become licensed certification authorities for purposes of providing services to local governments if authorized by ordinance.
Provisions are added relating to the suspension of certificates, requirements on a licensed certification authority if it discontinues providing service, liability and damages, and relevant factors to be considered when evaluating reliance upon a certificate. Language is added specifying when a digital signature meets the requirements when a rule of law requires a signature, and when a digital signature meets requirements pertaining to notaries and property transactions. Persons may not refuse to honor certain court documents that are digitally signed.
The Secretary is given authority to adopt rules beginning July 27, 1997, but the rules may not become effective prior to January 1, 1998.
Substitute Bill Compared to Original Bill: Technical changes were made in the substitute. The substitute bill does not allow the Secretary to become a licensed certification authority. Liability limits and damages were further clarified. The substitute also clarified when digital signatures must be accepted.
Appropriation: None.
Fiscal Note: Available.
Effective Date: The bill takes effect on January 1, 1998; sections 24 and 28 take effect July 27, 1997.
Testimony For: This bill provides needed clarification on the legal details of regulating this industry. This is an industry that can have a big impact in promoting trade and making certain transactions easier.
Testimony Against: None.
Testified: Senator Jim Horn, prime sponsor; Ralph Munro, Secretary of State; Meara Nisbet, WA Bankers Association; Mike Rodin, UCC Committee, Washington Bar Association.