Z-1420.1  _______________________________________________

 

                          HOUSE BILL 2931

          _______________________________________________

 

State of Washington      55th Legislature     1998 Regular Session

 

By Representatives McMorris, Conway and B. Thomas; by request of Secretary of State

 

Read first time 01/22/98.  Referred to Committee on Commerce & Labor.

Refining electronic signature law.


    AN ACT Relating to electronic signatures; amending RCW 19.34.100; and adding a new section to chapter 19.34 RCW.

 

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF WASHINGTON:

 

    Sec. 1.  RCW 19.34.100 and 1997 c 27 s 3 are each amended to read as follows:

    (1) To obtain or retain a license, a certification authority must:

    (a) Be the subscriber of a certificate published in a recognized repository, which may include any repository maintained by the secretary;

    (b) Knowingly employ as operative personnel only persons who have not been convicted within the past ((fifteen)) seven years of a felony ((or)) and have ((ever [never])) never been convicted of a crime involving fraud, false statement, or deception.  The secretary may provide by rule for the manner in which criminal background information is provided as part of the licensing process.  For purposes of this provision, a certification authority knowingly employs such a person if the certification authority knew of a conviction, or should have known based upon the background information required by rule of the secretary;

    (c) Employ as operative personnel only persons who have demonstrated knowledge and proficiency in following the requirements of this chapter;

    (d) File with the secretary a suitable guaranty, unless the certification authority is a city or county that is self-insured or the department of information services;

    (e) Use a trustworthy system, including a secure means for limiting access to its private key;

    (f) ((Present proof to the secretary of having working capital reasonably sufficient, according to rules adopted by the secretary, to enable the applicant to conduct business as a certification authority;

    (g))) Maintain an office in this state or have established a registered agent for service of process in this state; and

    (((h))) (g) Comply with all further licensing requirements established by rule by the secretary.

    (2) The secretary must issue a license to a certification authority that:

    (a) Is qualified under subsection (1) of this section;

    (b) Applies in writing to the secretary for a license; and

    (c) Pays a filing fee adopted by rule by the secretary.

    (3) The secretary may by rule classify licenses according to specified limitations, such as a maximum number of outstanding certificates, cumulative maximum of recommended reliance limits in certificates issued by the certification authority, or issuance only within a single firm or organization, and the secretary may issue licenses restricted according to the limits of each classification.  The liability limits of RCW 19.34.280 do not apply to a certificate issued by a certification authority that exceeds the restrictions of the certification authority's license.

    (4) The secretary may revoke or suspend a certification authority's license, in accordance with the administrative procedure act, chapter 34.05 RCW, for failure to comply with this chapter or for failure to remain qualified under subsection (1) of this section.  The secretary may order the summary suspension of a license pending proceedings for revocation or other action, which must be promptly instituted and determined, if the secretary includes within a written order a finding that the certification authority has either:

    (a) Utilized its license in the commission of a violation of a state or federal criminal statute or of chapter 19.86 RCW; or

    (b) Engaged in conduct giving rise to a serious risk of loss to public or private parties if the license is not immediately suspended.

    (5) The secretary may recognize by rule the licensing or authorization of certification authorities by other governmental entities, provided that those licensing or authorization requirements are substantially similar to those of this state.  If licensing by another government is so recognized:

    (a) RCW 19.34.300 through 19.34.350 apply to certificates issued by the certification authorities licensed or authorized by that government in the same manner as it applies to licensed certification authorities of this state; and

    (b) The liability limits of RCW 19.34.280 apply to the certification authorities licensed or authorized by that government in the same manner as they apply to licensed certification authorities of this state.

    (6) Unless the parties provide otherwise by contract between themselves, the licensing requirements in this section do not affect the effectiveness, enforceability, or validity of any digital signature, except that RCW 19.34.300 through 19.34.350 do not apply to a certificate, and associated digital signature, issued by an unlicensed certification authority.

    (7) A certification authority that has not obtained a license is not subject to the provisions of this chapter, except as specifically provided.

 

    NEW SECTION.  Sec. 2.  A new section is added to chapter 19.34 RCW to read as follows:

    (1) The following information, when in the possession of the secretary, the department of information services, or the state auditor for purposes of this chapter, shall not be made available for public disclosure, inspection, or copying, unless the request is made under an order of a court of competent jurisdiction based upon an express written finding that the need for the information outweighs any reason for maintaining the privacy and confidentiality of the information or records:

    (a) A trade secret, as defined by RCW 19.108.010;

    (b) Information regarding the criminal background of an individual; and

    (c) Information regarding design, security, or programming of a computer system used for purposes of licensing or operating a certification authority or repository under this chapter.

    (2) The state auditor, or an authorized agent, must be given access to all information referred to in subsection (1) of this section for the purpose of conducting audits under this chapter or under other law, but shall not make that information available for public inspection or copying except as provided in subsection (1) of this section.

 


                            --- END ---