To require the adoption and utilization of digital signatures by Federal agencies and to encourage the use of digital signatures in private sector electronic transactions.

IN THE HOUSE OF REPRESENTATIVES

April 27, 1999

Mr. GORDON (for himself, Mr. SENSENBRENNER, and Mr. BROWN of California) introduced the following bill; which was referred to the Committee on Science

A BILL

To require the adoption and utilization of digital signatures by Federal agencies and to encourage the use of digital signatures in private sector electronic transactions.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the `Digital Signature Act of 1999'.

SEC. 2. RECOGNITION OF DIGITAL SIGNATURES.

(a) REQUIREMENT- To the extent that a Federal agency recognizes a written signature as authenticating a document, the agency shall recognize a digital signature as authenticating an equivalent electronically formatted document.

(b) EFFECTIVE DATE- Subsection (a) shall take effect 1 year after the date of the enactment of this Act.

SEC. 3. DIGITAL SIGNATURE INFRASTRUCTURE.

(a) GUIDELINES AND STANDARDS- Not later than 6 months after the date of the enactment of this Act, the Director, in consultation with industry, shall develop digital signature infrastructure guidelines and standards for use by Federal agencies to enable those agencies to effectively utilize digital signatures in a manner that is--

(1) sufficiently secure to meet the needs of those agencies and the general public; and

(2) interoperable, to the maximum extent possible.

(b) ELEMENTS- The guidelines and standards developed under subsection (a) shall include--

(1) technical security requirements for digital signature infrastructure products and services;

(2) validation criteria to enable Federal agencies to select digital signature infrastructure products and services appropriate to their needs; and

(3) minimum interoperability specifications for the Federal acquisition of digital signature infrastructure products and services.

(c) COORDINATION WITH NATIONAL POLICY PANEL- The Director shall ensure that the development of guidelines and standards under this section is carried out in coordination with the efforts of the National Policy Panel for Digital Signatures under section 7.

(d) REVISIONS- The Director shall periodically review the guidelines and standards developed under subsection (a) and revise them as appropriate.

SEC. 4. VALIDATION OF PRODUCTS.

Not later than 6 months after the date of the enactment of this Act, and periodically thereafter as appropriate, the Director shall make available to Federal agencies and to the public an evaluation of the conformance with the guidelines and standards developed under section 3 of commercially available digital signature infrastructure products, and other such products used by Federal agencies.

SEC. 5. ELECTRONIC CERTIFICATION AND MANAGEMENT SYSTEMS.

(a) CRITERIA- Not later than 6 months after the date of the enactment of this Act, the Director shall establish minimum technical criteria for the use by Federal agencies of electronic certification and management systems.

(b) EVALUATION- The Director shall establish a program for evaluating the conformance with the criteria established under subsection (a) of electronic certification and management systems, developed for use by Federal agencies or available for such use.

(c) MAINTENANCE OF LIST- The Director shall maintain and make available to Federal agencies a list of electronic certification and management systems the Director has evaluated as conforming to the criteria established under subsection (a).

SEC. 6. REPORTS.

Not later than 6 months after the date of the enactment of this Act, and annually thereafter, the Director shall transmit to the Congress a report that includes--

(1) a description and analysis of the utilization by Federal agencies of digital signatures;

(2) an evaluation of the extent to which Federal agencies' digital signature infrastructures conform to the guidelines and standards developed under section 3(a);

(3) an evaluation of the extent to which Federal agencies' electronic certification and management systems conform to the criteria established under section 5(a);

(4) the list described in section 5(c); and

(5) evaluations made under section 4.

SEC. 7. NATIONAL POLICY PANEL FOR DIGITAL SIGNATURES.

(a) ESTABLISHMENT- Not later than 90 days after the date of the enactment of this Act, the Under Secretary shall establish a National Policy Panel for Digital Signatures. The Panel shall be composed of government, academic, and industry technical and legal experts on the implementation of digital signature technologies, State officials, including officials from States which have enacted laws establishing digital signature infrastructures, and representative individuals from the interested public.

(b) RESPONSIBILITIES- The Panel shall serve as a forum for exploring all relevant factors associated with the development of a national digital signature infrastructure based on uniform standards to enable the widespread availability and use of digital signature systems.
The Panel shall develop--

(1) model practices and procedures for certification authorities to ensure the accuracy, reliability, and security of operations associated with issuing and managing digital certificates;

(2) standards to ensure consistency among jurisdictions that license certification authorities; and

(3) audit standards for certification authorities.

(c) COORDINATION- The Panel shall coordinate its efforts with those of the Director under section 3.

(d) ADMINISTRATIVE SUPPORT- The Under Secretary shall provide administrative support to enable the Panel to carry out its responsibilities.

(e) REPORT- Not later than 1 year after the date of the enactment of this Act, the Under Secretary shall transmit to the Congress a report containing the recommendations of the Panel.

SEC. 8. DEFINITIONS.

For purposes of this Act--

(1) the term `certification authorities' means issuers of digital certificates;

(2) the term `digital certificate' means an electronic document that binds an individual's identity to the individual's digital signature;

(3) the term `digital signature' means a mathematically generated mark utilizing asymmetric key cryptography techniques that is unique to both the signatory and the information signed;

(4) the term `digital signature infrastructure' means the software, hardware, and personnel resources, and the procedures, required to effectively utilize digital certificates and digital signatures;

(5) the term `Director' means the Director of the National Institute of Standards and Technology;

(6) the term `electronic certification and management systems' means computer systems, including associated personnel and procedures, that enable individuals to apply unique digital signatures to electronic information; and

(7) the term `Under Secretary' means the Under Secretary of Commerce for Technology.