Senate Bill No. 639
(By Senators Fanning, Harrison and Minard)
____________
[Introduced March 21, 2005; referred to the Committee
on the Judiciary.]
____________
A BILL to amend and reenact §39A-3-1, §39A-3-2 and §39A-3-3 of the
Code of West Virginia, 1931, as amended, all relating to
digital signatures generally; defining certain terms;
providing for use of an electronic postmark; authorizing
promulgation of an emergency rule; and authorizing use of a
federal certificate authority and repository program.
Be it enacted by the Legislature of West Virginia:
That §39A-3-1, §39A-3-2 and §39A-3-3 of the Code of West
Virginia, 1931, as amended, be amended and reenacted, all to read
as follows:
ARTICLE 3. DIGITAL SIGNATURES; STATE ELECTRONIC RECORDS AND
TRANSACTIONS.
§39A-3-1. Definitions.
(1) "Certificate" means a computer-based record that:
(A) Identifies the certification authority issuing it;
(B) Names or identifies its subscriber;
(C) Contains the subscriber's public key; and
(D) Is digitally signed by the certification authority issuing
it.
(2) "Certification authority" means a person who issues a
certificate.
(3) "Digital mark" consists of an electronic code indicating
approval or confirmation which is entered into a protected digital
record following access protocols which identify the user and
require a password, personal identification number, encrypted card
or other security device which restricts access to one or more
authorized individuals; and
(4) "Digital signature" consists of a message transformed
using an asymmetric cryptosystem so that a person having the
initial message and the signer's public key can accurately
determine:
(A) Whether the transformed message was created using the
private key that corresponds to the signer's public key; and
(B) Whether the initial message has been altered since the
message was transformed.
(5) "Electronic postmark" means an electronic service provided
by the United States Postal Service that provides evidentiary proof
that an electronic document was opened or the contents of the
electronic document were displayed at a time and date documented by
the United States Post Office.
(6) "Federal certificate authority and repository program"
means an official program established by an agency of the United
States government for the issuance and authentication of digital
signature certificates or other secure electronic authorizations to
individuals for use in electronic transactions.
§39A-3-2. Acceptance of electronic signature by governmental
entities in satisfaction of signature requirement.
(a) Any governmental entity may, by appropriate official
action, authorize the acceptance of electronic signatures in lieu
of original signatures on messages or filings requiring one or more
original signatures, subject to the requirements and limitations of
section three of this article.
(b) Any governmental entity may elect to participate and
utilize the Secretary of State's digital signature authority and
registry. Upon acceptance of and registration with the Secretary
of State's digital signature authority and registry, the
governmental entity's electronic transactions are bound to the
regulation of the authority and registry and
those the rules
promulgated thereunder. Any governmental entity not required to
participate, but which elects to participate, may withdraw at any
time from the program upon notification of the Secretary of State
and all others who utilize that entity's digital signature program.
(c) Any governmental entity may adopt, in the manner provided
by law, an ordinance, rule or official policy designating the
documents on which electronic signatures,
electronic postmarks or both are authorized and the type or types of electronic signatures
which may be accepted for each type of document. Those
governmental entities not subject to the provisions of chapter
twenty-nine-a of this code which
proposes propose to authorize the
acceptance of electronic signatures,
electronic postmarks or both
on documents filed with that entity shall give public notice of the
proposed adoption in a manner prescribed by law, an ordinance, rule
or official policy, but in no case for less than thirty days before
adoption.
(d) Any governmental entity which intends to extend, modify or
revoke the authority to accept electronic signatures
or postmarks
shall do so by the same means and with the same notice as required
in this section for adoption.
§39A-3-3. Duties of the Secretary of State; state agencies use of
electronic signatures.
(a) The Secretary of State shall propose
emergency and
legislative rules for promulgation in accordance with the
provisions of article three, chapter twenty-nine-a of this code to
establish standards and processes to facilitate the use of
electronic signatures in all governmental transactions by state
agencies subject to chapter twenty-nine-a of this code. The rules
shall include minimum standards for secure transactions to promote
confidence and efficiency in legally binding electronic document
transactions. The rules may be amended from time to time to keep
the rules current with new developments in technology and improvements in secured transaction processes.
(b) The Secretary of State is designated the certification
authority and repository for all governmental agencies which are
subject to chapter twenty-nine-a of this code and shall regulate
transactions and digital signature verifications. The Secretary
may enter into reciprocal agreements with all state and federal
governmental entities to promote the efficient governmental use of
electronic transactions. The Secretary of State may propose
legislative rules for issuing certificates that bind public keys to
individuals, and other electronic transaction authentication
devices as provided
for in this article. The Secretary of State is
further authorized to contract with a
public or private entity to
serve as certification authority for the State of West Virginia.
This private The certification authority may contract with persons
to provide certification
service services. Any contract entered
into must require the certification authority to meet the
requirements of this article and any rules promulgated by the
Secretary of State.
(c) Nothing contained in this article may be construed to
mandate any specific form of technology, process or standard to be
the only technology, process or standard which may be utilized by
state entities. Nor may anything contained in this article be
construed to limit the Secretary of State in adopting by
legislative rule, alternative technologies to authorize electronic
signatures
and electronic postmarks.
_________
(NOTE: The purpose of this bill is to recognize and authorize
the use of an electronic postmark as part of digital signatures and
electronic commerce; to authorize emergency rule making and allow
the use of an existing federal certificate authority program by the
state.
Strike-throughs indicate language that would be stricken from
the present law, and underscoring indicates new language that would
be added.)