Washington State House of Representatives Office of Program Research | BILL ANALYSIS |
Innovation, Technology & Economic Development Committee |
SB 5501
This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent. |
Brief Description: Repealing the electronic authentication act.
Sponsors: Senators Zeiger and Hunt; by request of Secretary of State.
Brief Summary of Bill |
|
Hearing Date: 3/19/19
Staff: Yelena Baker (786-7301).
Background:
Electronic Signatures in Global and National Commerce Act.
The federal Electronic Signatures in Global and National Commerce Act of 2000 (ESIGN Act) allows the use of electronic records and signatures to satisfy any statutes, regulations, or rules of law requiring that such information be provided in writing, if the consumer has consented to its use, and has not withdrawn consent. Before obtaining a consumer's consent, the entity requiring electronic records must disclose the consumer's right to use paper documents and the process for obtaining them, whether the consent applies only to the particular transaction or to an entire category of documents, and the procedures for withdrawing consent.
The ESIGN Act also gives legal effect to contracts or other records that are created, generated, sent, communicated, received, or stored by electronic means, and signed with an electronic signature. Certain controls are required to ensure that the system used reliably establishes that the person controlling the record is the person to which the record was transferred.
Use of Electronic Signatures by State Agencies.
Washington state law provides that state and local agencies may use and accept electronic signatures with the same force and effect as that of a signature affixed by hand, and where a "writing" is required by statute, an electronic record may be used. "Electronic signature" means an electronic sound, symbol, or process attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.
Each agency may determine whether and to what extent it uses and relies on electronic records and electronic signatures. A state agency is not required to send or accept electronic records or electronic signatures for an agency transaction. The state Chief Information Officer (CIO) establishes standards, policies, or guidance for electronic submissions and signatures, taking into account reasonable access and reliability for persons participating in governmental affairs and transactions. A state agency's policy or rule on electronic submissions and signatures must be consistent with policies established by the CIO. The CIO maintains a website that links to agencies' rules and policies for electronic records and signatures.
Washington Electronic Authentication Act.
The Washington Electronic Authentication Act (WEAA) was enacted in 1996 for the purpose of facilitating commerce by means of reliable electronic messages, to ensure legal recognition of electronic signatures, and to minimize the incidence of forged digital signatures and fraud in electronic commerce.
The focus of the WEAA is digital signatures, which are a subset of electronic signatures that uses secure technology to verify the user's identity and the integrity of the transaction. "Digital signature" is defined in the WEAA as an electronic signature that is a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer's public key can accurately determine: (1) whether the transformation was created using the private key that corresponds to the signer's public key; and (2) whether the initial message has been altered since the transformation was made. "Electronic signature" is defined in the WEAA as a signature in electronic form attached to or logically associated with an electronic record, including but not limited to a digital signature.
Where a law requires a signature, or provides certain consequences in the absence of a signature, the WEAA establishes that the law is satisfied by a digital signature if the following conditions are met:
the digital signature must be verified by reference to the public key listed in a valid certificate issued by a licensed certification authority;
the digital signature must have been affixed by the signer with the intention of signing the message; and
the recipient has no knowledge or notice that the signer either breached a duty as a subscriber or does not rightfully hold the private key used to affix the digital signature.
The Office of the Secretary of State is responsible for implementing and administering the WEAA and has the authority to regulate:
the licensing of certification authorities, who issue digital certificates verifying the authenticity of digital signatures;
the qualifications of operative personnel, who act as the agents of licensed certification authorities; and
the recognition of repositories, which are systems for storing and receiving digital certificates and other information relevant to digital certificates.
The Secretary of State may investigate the activities of a licensed certification authority and order monetary penalties for noncompliance. In the case of a state agency authorized by law to be a licensed certification authority, the sole penalty imposed must consist of specific findings of noncompliance and an order requiring compliance.
The Secretary of State maintains public lists of licensed certification authorities and recognized repositories. Currently, there are no licensed certification authorities or recognized repositories listed by the Secretary of State.
Summary of Bill:
The Washington Electronic Authentication Act (WEAA) is repealed.
All statutory references to the WEAA, including references to the definition for "digital signature" and "electronic signature" contained in the WEAA are removed from the statute.
The WEAA definition of "digital signature" is added to other statutes that will continue to use the term after the repeal of the WEAA.
The WEAA definition of "electronic signature" used in other statutes is replaced with a reference to the definition of that term in state laws related to electronic signatures and records.
Appropriation: None.
Fiscal Note: Available.
Effective Date: The bill takes effect 90 days after adjournment of the session in which the bill is passed.