PROBLEM/SITUATION: Digital signatures are not yet legal in many states.
SOLUTION: Utah's digital signature law.
JURISDICTION: Utah Department of Commerce.
VENDORS/GROUPS: Rankin Technology Group, Informix, Four Gen.
USER CONTACT: George R. Danielson, 801/530-6421;
Utah, which in early 1995 was the first state to pass a digital signature act, has created a model now being followed across the nation. California followed Utah's lead last year by passing similar statutes. The American Bar Association has proposed a draft model for national legislation based on Utah's example. The idea is catching on in other nations too. Canadian provinces, Chile, and others are setting up digital signature infrastructures.
The new state laws in California and Utah provide the legal framework to make digital signatures as binding as pen on paper -- a necessary step for widespread employment of electronic commerce -- as well as create a system for ensuring the integrity of digital signatures.
IMPORTANCE OF INFRASTRUCTURE
A digital signature is a way to authenticate both electronic documents and the signatories of the documents. Before the Utah law passed, parties in that state could set up a digital signature system by contract. But this approach has been unworkable for the state's courts, who have been reluctant to sign a new contract every time they wish to accept a digital signature.
With the new guidelines for a digital signature infrastructure, the state courts hope to create a new electronic records system that will allow attorneys to file documents and courts to issue search warrants electronically. Ultimately, police officers in the field may be able to download warrants directly to their laptops and rapidly execute searches.
Other Utah legal experts view access to a wide array of electronic court documents as a boon to attorneys and clients alike. A legal process called discovery now requires the delivery of signed paper documents related to evidence expected to be presented in trial to all parties involved in a case. Pages of questions are typed and retyped by each law office, and couriers race between them.
But if electronic discovery documents and digital signatures become the norm, parts of these documents will only have to be entered into a computer once. Then the documents can be distributed electronically to all parties simultaneously, with the parties assured that the documents are official.
Courts and attorneys are not the only ones looking for ways to incorporate the use of digital signatures into their organizations. The Department of Commerce, the state agency responsible for implementing the new law, plans to take corporate and Uniform Commercial Code filings electronically. The Department of Human Services is exploring the use of digital signatures as part of an electronic contracting system. Currently, state agencies often require multiple copies of contracts to be signed by six or more parties. In the future, contracts may be written, distributed, signed and stored all from the signers' e-mail boxes.
The Utah State Tax Commission would like to use digital signatures with electronic tax filings. However, according to Janice Perry, Tax Commission spokeswoman, any future implementation will be coordinated with the IRS so that both agencies are "headed in the same direction."
SAVINGS AND COSTS
Government and industry interest in digital signature technology is expanding, mainly because electronic communication has become widespread. Electronic commerce is also getting more attention by companies looking to get into untapped markets. Digital signatures are needed for electronic commerce and official communication so that electronic transactions can be done with as much confidence as a signed paper contract or document.
But digital signatures can save money by reducing the amount of paper in an office. George Danielson, digital signatures coordinator for the Utah Division of Corporations and
Commercial Code, argues that once an organization purchases the equipment, it quickly pays for itself through a reduction in clerical time. A machine can send, receive, read and sort electronic files with minimal human intervention.
Also, using electronic documents can dramatically reduce retrieval time when searching for document types and case numbers. Digital signatures coupled with workflow software can also reduce the time that paper sits on desk in-baskets.
Still, the future is not without pitfalls. Some major issues remaining include who would build and pay for the infrastructure and what the cost for users will be. In Utah, explained Danielson, "the private sector will build it and the government will only lightly regulate it."
He believes that the market will determine the cost for creating, authenticating and storing public keys, rather than government regulation. Higher fees will be charged depending on the exposure of the certification authority. For example, a higher fee would be charged for a $100 million signature key than for a $50 key.
"You will have the large national banks that are certification authorities," Danielson continued. "They will do the high-risk things for a high fee. And you will have your Nick and Tony's Body Shop with digital signature capability on the corner that will give you a $250 key that will allow you to make a purchase from the Sears Catalog over the Internet." Still, the ultimate cost to government for access to digital signatures remains a question mark. But Danielson is convinced that the savings will outweigh the costs.
Whatever the cost, digital signatures are coming. Once the infrastructure is built and tested, an electronic John Hancock may become as much a part of your life as your old pen-based signature.
Alan Sherwood is a freelance writer who lives in Salt Lake City.
To explain how digital signatures work, a bank safety deposit box makes a good analogy. Two keys are needed to open and close the document, or deposit box. When a deposit box is locked, the bank retains one key, called a public key, while the client has the other, called a private key. The private key is always to be kept in confidence by its owner.
Both keys are used to create a digital signature, which is actually an encrypted message. To decrypt the document, the receiver must get the sender's public key. The software recognizes if the message was opened in transit because the secret key is needed to properly reclose it.
The infrastructure being created in Utah utilizes third parties who register and hold public-key data. The third party creates and certifies the public key, and will provide it to those receiving a signed message from a registered client. The third parties, whose role is similar to notary publics, ensure the identity of the public key holder and are intended to ensure system integrity.
For a full explanation of public and private keys, see "Access," Government Technology, December 1995.