Jump to Content

Digital Signatures and the Electronic Authentication Act

Overview

In 1997, the State of Washington enacted the Electronic Authentication Act "to facilitate commerce by means of reliable electronic messages." This landmark act, one of the first of its kind in the United States, is designed to enhance economic development and trade through the use of digital signatures in electronic commerce.

The following overview was prepared by the Office of the Secretary of State, which developed the EAA and administers the EAA's stringent certification and operating standards.

 

What are digital signatures?

Written signatures indicate an individual's agreement to a document based on the assumption (sometimes verified by a notary public) that the signature is unique and authentic. Digital signatures do the same online, using various technologies that allow the receiver of the document to be certain of the identity of the person submitting the document.

Digital signatures are based on applied mathematics and the use of cryptographic algorithms. To create a digital signature the signer uses two "keys." These "keys" are extremely large numbers that have been uniquely assigned to the signer and are called the "private key" and the "public key." The signer uses the private key to sign an electronic document, and another person can then use the public key to verify that the signature is authentic. This verification process also establishes that the document was not altered as it was transmitted over the Internet.

 

How are digital signatures verified?

An important element in this process is an intermediary called a "certification authority." It is the certification authority's job to establish the link between the signer and the keys used to create the digital signature. In essence, the certification authority reviews the signer's identification documents, such as a driver's license or passport, and then certifies that the person who is using the keys is actually the person they claim to be. Anyone who wishes to verify a digital signature may then rely on the certification authority's identification of the person instead of having to personally review the signer's identification documents. In this way, digital signatures work much in the same way as signature cards kept on file by banks which are taken out when needed to verify authenticity.

The digital signature is often invisibly attached to a submitted document in the form of an encrypted "certificate." This "certificate" would look like a scrambled series of letters and numbers if it were printed out. The person receiving the certificate would have software that could automatically decrypt the certificate and authenticate the signer's identity using the signer's public key. In this way digital signature technology adds little or no additional inconvenience to the transaction or communication.

 

What are the uses of digital signatures?

Digital signature certificates issued by certification authorities are already important security elements of Netscape and Microsoft Internet browsers. In this capacity they are often used to identify the persons who are viewing Internet sites, and provide enhanced password protection allowing individuals access to otherwise restricted information.

Using digital signatures, individuals will be able to leverage the power of the personal computer and the Internet to avoid much of the drudgery of paperwork. It will also allow companies to save significant portions of the money they are currently spending filing and storing forms they must now deal with on paper. Similarly, it will result in a substantial cost savings for government agencies which may use those paper forms.

Perhaps most importantly, because of the high reliability of digital signatures courts can affirmatively recognize duties and obligations which are entered into online. This means that contracts or other transactions which may be entered into over the Internet can be upheld in court if there is a breach of the agreement. In this way, businesses can make significant purchases or sales online with confidence, and without the need for expensive travel or delay waiting to close an agreement.

 

Why should governments get involved in digital signature legislation?

The most significant benefit of digital signature legislation is that it provides a stable framework for certification authorities and other businesses to participate in secure electronic commerce. It does this by providing assurances to the certification authority that if certain steps are taken the state will recognize the reliability of their services, and grant them protection from certain types of potential legal liability.

The steps that certification authorities are required to take include using computer systems that are trustworthy and secure, providing consumers with adequate knowledge of the certification authority's practices and procedures, and making sure that the systems are being operated by trustworthy and competent individuals. The failure of a certification authority to take these steps could result not only in harm to individuals and businesses, but could also erode public confidence in electronic commerce.

These potential benefits of electronic commerce are substantial. They include increased rural economic development as well as expanded opportunities for international trade. Businesses, both large and small, will find openings to new markets, and consumers will benefit from the added