BILL ANALYSIS �
SENATE JUDICIARY COMMITTEE A
Charles M. Calderon, Chairman B
1995-96 Regular Session
1
5
7
7
AB 1577 (Bowen)
As amended on June 19, 1995
Hearing date: June 27, 1995
Government Code
GEH:cb
TRANSACTIONS WITH PUBLIC ENTITIES
DIGITAL SIGNATURES
HISTORY
Source: Author
Related Pending Legislation: None Known
Assembly Floor Vote: 65-4
Assembly Committee on Consumer Protection Vote: 14-0
KEY ISSUE
1. SHOULD "DIGITAL SIGNATURES" USED IN TRANSACTIONS WITH PUBLIC
ENTITIES HAVE THE SAME FORCE AND EFFECT AS THE USE OF A MANUAL
SIGNATURE?
(more)
�
2. DOES THIS BILL, AND SHOULD THIS BILL, SUPERSEDE RATHER THAN
SUPPLEMENT PREVIOUS STATUTES RELATED TO ELECTRONIC SIGNATURES?
A. SHOULD THE SCOPE OF THE TERM "TRANSACTION" BE CLARIFIED?
B. DOES THIS BILL, AND SHOULD THIS BILL, REQUIRE ALL
DIGITAL SIGNATURES IN TRANSACTIONS WITH PUBLIC ENTITIES TO
CONFORM TO ITS REQUIREMENTS?
(more)
�
AB 1577 (Bowen)
Page 3
PURPOSE
The purpose of this bill is to allow public entities to engage in
"electronic commerce" by authorizing the use of "digital
signatures."
Existing law defines "public entities" as the State, the Regents of
the University of California, a county, city, district, public
authority, public agency, and any other political subdivision or
public corporation in the State (Section 811.2 of the Government
Code).
Several different Codes contain virtually identical definitions of
"signature", providing that the term includes a mark when the signer
or subscriber cannot write. (Government Code Section 17, Civil Code
Section 14; Code of Civil Procedure Section 17, Revenue and Taxation
Code Section 18).
Various statutes require public entities to evidence that various
acts or transactions have been authorized by a writing secured by
the signature of designated officials. Section 11100 of the
Government Code authorizes the Controller and other State disbursing
officers to use a facsimile signature machine to sign or countersign
warrants and checks.
There are several recent statutes addressing the issue of
governmental actions conducted through electronic transmissions, and
of how such transmissions can be "signed."
1. Section 1600 of the Public Contract Code, enacted in 1993 by AB
565 (Polanco), provides that notwithstanding any other provision
of law, state agencies may enter into and make payments on
contracts by way of electronic transmission. This section does
not provide for how to "sign" such contracts.
2. Section 14608 of the Government Code, enacted last year by AB
2887 (Seastrand), provides that in any statute which requires
the Department of General Services to approve or authorize any
act or transaction "in writing," the term "in writing" includes
a " secured electronic signature."
(more)
�
AB 1577 (Bowen)
Page 4
3. Section 71060 et. seq. of the Public Resources Code, enacted
last year by AB 3537 (Sher), requires the California
Environmental Protection Agency (Cal EPA) to establish a
standardized electronic format and protocol for the exchange of
electronic data for the purpose of meeting data requirements
imposed in the course of granting environmental permits or other
authorizations to operate. Section 71066 requires the Secretary
to prescribe one or more techniques by which electronically
submitted reports can be signed electronically, and it provides
that such electronic
(more)
�
AB 1577 (Bowen)
Page 5
signatures "shall be binding on all persons and for all purposes
under the law as if the signature had been made in ink..."
4. Section 1795.28 of the Health and Safety Code requires licensed
providers of health care services who use electronic
recordkeeping to store patient records to develop policies and
procedures to prevent unauthorized access to those records
through authentication by "electronic signature keys."
5. The California Rules of Court, as authorized by Section 1012.5
of the Code of Civil Procedure, allow for filing of documents
with a court over a fax machine (Rule 2005). A party who files
or serves a signed document by fax represents that the original
signed document is in his or her possession or control.
6. Section 863 of the Food and Agriculture Code provides that "data
obtainable by electronic transmission which is accessible to a
common carrier" may serve as proof of ownership of agricultural
commodities. This section contains no provision for verifying
the authorization of such electronic data through an "electronic
signature".
This bill provides that in any transaction in which a public entity
is a party, the use by any party to that transaction of a "digital
signature" shall have the same force and effect as the use of a
manual signature.
"Digital signature" is defined as an electronic identifier, created
by computer, that embodies all of the following attributes:
1. It is unique to the person using it.
2. It is capable of verification.
3. It is under the sole control of the person using it.
4. It is linked to data in such a manner that if the data is
changed, the digital signature is invalidated.
5. It conforms to regulations adopted by the Secretary of State.
The bill requires the Secretary of State to adopt initial
(more)
�
AB 1577 (Bowen)
Page 6
regulations by no later than January 1, 1997.
The bill makes clear that the use or acceptance of a digital
signature shall be at the option of the parties, and that nothing in
the bill requires a public entity to use or permit the use of a
digital signature. The bill simply provides that if a party does
choose to use a digital signature complying with this bill's
requirements, that signature will have full force and effect.
(more)
�
AB 1577 (Bowen)
Page 7
1. "Digital signatures"
Although the term "digital signature" is still a semantic
novelty, the concept has been put to use in private sector
electronic transactions for the last decade.
Generating a digital signature involves sophisticated
cryptographic software which generates "private keys" and
"public keys." "Keys" are sequences of bits in something called
an "asymmetric cryptosystem." When a sender creates an
electronic document and "locks" it with the sender's "private
key," the document can be opened only by a recipient who has
been given access to the sender's "public key." The link
between the private and public key is the proof that the
document originated with the sender.
The supporters of this measure believe that, unless governmental
entities get more active in electronic commerce and the use of
such digital signatures, they are in danger of getting left
behind as the private sector zooms its way down the Information
Superhighway. According to the California Bankers Association:
"Without question, electronic commerce is here and increasing at
a geometric rate.... Digital signatures are an essential
component of true, secure electronic commerce. By allowing
public entities to engage in transactions which utilize digital
signature technology, AB 1577 will allow the public sector to
participate in the development and enhancement of electronic
commerce rather than being left behind. Moreover, given the
sheer size of government's role in commerce generally, this
participation will speed the development and utilization of
digital signature standards."
In 1991, the Comptroller General of the United States issued a
decision holding that contracts formed using "electronic data
interchange" technology, including digital signatures,
constitute valid obligations of the government under applicable
federal statutes, so long as the technology used provides the
same degree of assurance and certainty as traditional "paper and
ink" methods of contract formation.
(more)
�
AB 1577 (Bowen)
Page 8
This year the State of Utah was the first state to pass
comprehensive digital signature legislation. It authorizes the
use of digital signatures by entities issued such signatures by
licensed private certification authorities. The Utah
legislation contains complex details specifying the type of
cryptographic systems to be used.
Earlier versions of this bill adopted the Utah model of using
third party certification authorities. The current version of
the bill adopts a much simpler approach of leaving all of the
details of how digital signatures should be used and verified to
regulations which must be adopted by the Secretary of State.
2. Relationship of this bill to previous legislation
It is not clear whether this bill is intended to supersede, or
only to supplement, the previously enacted electronic signature
legislation listed above. To resolve this issue, two
ambiguities in the bill must be clarified: a) whether the term
"transaction" includes regulatory as well as commercial acts by
public entities; and b) whether conformity to the Secretary of
State's regulations is necessary in order for any digital
signature to be valid in a transaction with a public entity.
a) Scope of term "transaction"
This bill only applies to "transactions" in which a
public entity is a party. The problem is that public
entities can be involved in several distinct types of
"transactions:" 1) commercial transactions in which the
other party to the transaction is voluntarily buying or
selling something from the public entity; and 2) regulatory
transactions, in which the public entity exercises its
governmental powers to prohibit or authorize some action by
the other party; 3) legal transactions like memorandums of
understanding in which one public entity enters into an
agreement with another public entity related to the scope of
each entity's authority over a particular matter.
It is not clear if the author intends the bill to apply
to all of these types of "transactions", or only to
commercial transactions.
(more)
�
AB 1577 (Bowen)
Page 9
SHOULD THE TERM "TRANSACTION" BE DEFINED?
b) Is this bill supposed to be the only game in town?
It is not clear if the five required attributes of a
"digital signature" under this bill are necessary for any
digital, or electronic, signature to be valid in a
transaction with a public entity. If this is the case, then
this bill would effectively supersede the statutes enacted
last year authorizing the use of digital signatures in
transactions and acts involving DGS and Cal EPA, by allowing
those agencies to use or accept digital signatures only if
the signatures conform to the regulations this bill requires
the Secretary of State to develop. (If the bill is limited
to commercial transactions, it would not supersede the Cal
EPA statute.)
SHOULD THE BILL BE AMENDED TO CLARIFY THE RELATIONSHIP
BETWEEN THIS BILL AND EXISTING ELECTRONIC SIGNATURE LAWS?
(more)
�
AB 1577 (Bowen)
Page 10
Support: Secretary of State Bill Jones; California Bankers
Association; RSA Data Security; Octel Communications;
AT&T; IBM; Wells Fargo Bank
Opposition: Department of Finance
Prior Legislation: AB 2877 (1994) Chaptered
AB 3537 (1994) Chaptered
AB 3163 (1994) Chaptered
AB 565 (1994) Chaptered
**********