HOUSE BILL REPORT

SHB 1632

 

 

 

As Passed Legislature

 

Title:  An act relating to fraudulently obtaining or using digital signatures and digital certificates.

 

Brief Description:  Prescribing criminal penalties for fraudulently obtaining or using digital signatures and digital certificates.

 

Sponsors:  By House Committee on Technology, Telecommunications & Energy (originally sponsored by Representatives Ruderman, Anderson, Schual‑Berke and Casada; by request of Department of Information Services).

 

Brief History: 

Committee Activity: 

Technology, Telecommunications & Energy:  2/12/01, 2/26/01 [DPS].

Floor Activity:

Passed House: 3/9/01, 94-1.

Passed Senate: 4/4/01, 48-0.

Passed Legislature.

 

Brief Summary of Substitute Bill

 

$Establishes a class C felony offense for fraudulently using digital signatures and digital certificates.

 

 

HOUSE COMMITTEE ON TECHNOLOGY, TELECOMMUNICATIONS & ENERGY

 

Majority Report:  The substitute bill be substituted therefor and the substitute bill do pass. Signed by 19 members: Representatives Crouse, Republican Co‑Chair; Poulsen, Democratic Co‑Chair; Casada, Republican Vice Chair; Ruderman, Democratic Vice Chair; Anderson, Berkey, Bush, B. Chandler, DeBolt, Delvin, Esser, Hunt, Linville, Mielke, Morris, Pflug, Reardon, Simpson and Wood.

 

Minority Report:  Without recommendation. Signed by 1 member: Representative Cooper.

 

Staff:  Pam Madson (786‑7166).

 

Background:

 

Digital signature encryption systems are used to both protect the confidentiality of an electronic document and to authenticate its source or signer. 

 

These systems operate on the basis of two digital ?keys,@ or codes, created by the person desiring to send an encrypted message or document.  One key is the ?private@ key, which is known only to the signer of the electronic message or document, and the other is the signer=s ?public@ key, which is provided to the individuals with whom the sender wishes to exchange the confidential or authenticated message.  A message or document encrypted by the private key is digitally signed by the sender and the message then can be read only by those using the corresponding public key.  The public key is used to verify both that the message was signed by the person holding the private key and that the message itself was not altered during its transmission.

 

To ensure authenticity in the use of digital signatures, each public key is registered with a certification authority and is part of a digital signature certificate issued by the authority.  The certificate is a computer-based record that identifies the certification authority that issues it, names or identifies the subscriber (holder of the private key), and contains the public key.  This certificate is used to verify that the public key belongs to the person possessing the corresponding private key.  In this way, the identity of the signer of a document is verified.  Digital certificates can be used much like a driver=s license or a passport as electronic identification.

 

A person forges a digital signature when he or she creates a digital signature without authorization of the holder of the private key, or uses a digital signature where the subscriber in the digital certificate is a person that doesn=t exist or that does not hold the private key that corresponds to the public key in the certificate.

 

 

Summary of Bill: 

 

A criminal violation is established for fraudulent actions in applying for digital certificates and using digital signatures.

 

It is unlawful for a person to knowingly misrepresent his or her identity or authorization when obtaining a digital certificate.  It is also unlawful to knowingly forge a digital signature or use the signature of another person.  A violation of these provisions is a class C felony that carries a penalty of up to five years in prison or a fine of up to $10,000, or both.

 

 

Appropriation:  None.

 

Fiscal Note:  Requested on February 8, 2001.

 

Effective Date:  Ninety days after adjournment of session in which bill is passed.

 

Testimony For:  More and more transactions are moving from paper into the Internet.  With the rise in the use of digital signatures, the same protections against forgery in the paper world should exist against forgery in the digital world.  This bill makes forgery of digital signatures a crime.

 

Testimony Against:  None.

 

Testified:  Representative Laura Ruderman, prime sponsor; and Steve Kolodney and Carrie Tellefson, Department of Information Services.