SENATE BILL REPORT
ESB 6582
As Passed Senate, February 13, 1998
Title: An act relating to electronic signatures.
Brief Description: Refining electronic signature law.
Sponsors: Senators Finkbeiner, Horn and Fraser; by request of Secretary of State.
Brief History:
Committee Activity: Energy & Utilities: 2/2/98 [DPA].
Passed Senate, 2/13/98, 47-0.
SENATE COMMITTEE ON ENERGY & UTILITIES
Majority Report: Do pass as amended.
Signed by Senators Finkbeiner, Chair; Hochstatter, Vice Chair; Brown, Jacobsen, Rossi, T. Sheldon and Strannigan.
Staff: Andrea McNamara (786-7483)
Background: The 1996 Legislature enacted the AWashington Electronic Authentication Act,@ a measure that established the initial guidelines for regulating electronic Adigital signatures.@ These digital signatures are used to authenticate electronic transmissions. The act took effect on January 1, 1998.
The office of the Secretary of State has responsibility for implementing and administering the legislation. A working group convened by the Secretary of State recommended a number of changes to the original act which were enacted in 1997. The changes related to primarily to the licensing requirements and procedures for certification authorities.
Certification authorities are people or entities licensed by the state to issue certificates verifying specified information related to the authenticity of electronic transmissions. Current licensing requirements for certification authorities include the following, among others: (1) being subscribers of certificates published in recognized repositories; (2) hiring only persons who have not been convicted within the past fifteen years of a felony and have never been convicted of a crime involving fraud, false statement, or deception; and (3) presenting proof of sufficient working capital to conduct business as a certification authority.
The Secretary of State is requesting this legislation to make additional changes to the licensing requirements for certification authorities.
Summary of Bill: Three changes to the licensing requirements for certification authorities are made:
(1) A certification authority may be the subscriber of a certificate published in any repository maintained by the Secretary of State.
(2) A certification authority may not knowingly employ as operative personnel anyone who has been convicted of a felony within the past seven years or anyone who has ever been convicted of a crime involving fraud, false statement, or deception. The Secretary of State may authorize, in rule, how criminal background information is to be provided as part of the licensing process. A certification authority knowingly employs such a person if the authority knew or should have known of the conviction based upon the background information required by rule of the secretary.
(3) The requirement to present proof of sufficient working capital is eliminated.
An exemption from public disclosure, inspection, or copying is added for the following information: (1) trade secrets; and (2) information regarding the design, security, or programming of a computer system used for licensing or operating a certification authority or repository. Clarification is added that the State Auditor, or an authorized agent, continues to have access to this information for the purpose of conducting audits.
Appropriation: None.
Fiscal Note: Not requested.
Effective Date: Ninety days after adjournment of session in which bill is passed.
Testimony For: These are necessary amendments that have been reviewed and approved by the digital signature task force to strengthen the law and remove unnecessary impediments to the licensing of certification authorities. Protecting the confidentiality of information regarding the design and operation of computer systems used by certification authorities is critical to protecting the integrity of the systems from hackers.
Testimony Against: None.
Testified: PRO: Mike Ricchio, David Billeter, Secretary of State=s Office; Joshua Schmidt, State Auditor=s Office; Linda MacKintosh, I. D. Certify; Dave Danner, DIS.