Nearly everyone recognizes the Internet's vast potential to remake government. Since the dawn of the Web, public officials have promoted the notion that online transactions between agencies and their constituents and business partners will spark huge gains in government efficiency and user-friendliness.
But moving face-to-face dealings into the virtual world comes with its share of challenges, not the least of which are verifying the identity of those involved in the transaction and shielding the entire matter from prying eyes. A growing number of states are turning to digital signature technology to solve these challenges and equip themselves to conduct some of government's most sensitive transactions electronically.
"There are a lot of states taking a look at PKI and deciding what to do now that Y2K is over," said Karen West, director of government services for Digital Signature Trust Co. (DST), a subsidiary of Zions First National Bank. The firm is working with Washington, Utah and other jurisdictions to create digital signature systems.
Washington and Illinois are among the first to roll out statewide implementations of public key infrastructure (PKI) technology that allow citizens, businesses and others to securely deal with government agencies over the Web. Both states began issuing digital identity certificates earlier this year. Unlike single-department solutions, these systems are meant to give citizens one digital signature to use in online dealings with any state or local government department and, particularly in the case of Washington, even private transactions.
PKI activity also appears to be picking up elsewhere across the nation. Utah is developing a similar system under a digital signature contract awarded last year. And other states, including Iowa and Virginia, reportedly are preparing RFPs for PKI systems.
Although Washington and Illinois agree that statewide digital signature systems promise to advance electronic government, they have taken somewhat different paths toward creating those systems. Under a master contract signed last year, DST acts as Washington's certificate authority, verifying the identity of digital signature applicants, issuing digital certificates that serve as users' online IDs and accepting liability for transactions based on those IDs. By contrast, Illinois operates its own certificate authority within the state's data center.
Having a third party issue Washington's digital certificates offers several benefits, said state CIO Steve Kolodney, including acceptance of the electronic signatures for a broad range of e-commerce activities.
"We decided on a third-party issuer because we wanted these signatures to be used in transactions with state government, but we also wanted to give our citizens the ability to use that same signature for other transactions of similar consequence, whether it be with federal government, other state governments or business," Kolodney said. "If we issued the certificates ourselves against a policy that wasn't rigorous enough to support these other uses, they wouldn't be acceptable to the federal government or in business-to-business transactions."
DST's willingness to stand behind the accuracy of its digital identities was another key factor, he added. "As a state government, we did not want to take on that liability, but we wanted it to exist. We want the relying party to feel trust in the use of that certificate. Trust comes from a third party that says, 'We are sure enough about what we are doing to assume the liability and support of the transaction.'"
On the other hand, Illinois policymakers decided that issuing digital identifications was a natural extension of tasks already handled by state government. Illinois has invested approximately $2.5 million in computer hardware and PKI software to issue, store and manage digital identities for its residents. The system is run by the state Department of Central Management Services and uses PKI software from Entrust Technologies.
"If you think about how we distribute Social Security numbers or driver's license numbers or how we