Analysis

Sponsor: Senator O'Brien
Committee: Technology and Energy

Position: The Department of Consumer and Industry Services has not taken a position on the bill.

Background: Electronic commerce is growing exponentially as consumers use the Internet for shopping, banking, buying airline tickets, getting insurance policy quotes, complaints to government agencies and a variety of other activities. Several states, including Arizona, California, Florida and Utah, have passed digital signature legislation. The Utah legislation was the first to authorize commercial use of digital signatures. It provides for licensing of certification authorities by the Utah Department of Commerce. A subscriber's private key is protected as property and its theft or unauthorized use is subject to criminal and civil penalties. California's legislation is narrower and governs only digital signatures in communications with public bodies. The California Secretary of State has created a task force to study future expansion to the private sector.

Content of the Bill: Senate Bill 204 would create the Michigan Digital Signature Act. Part 4 of the bill provides that a valid digital signature satisfies requirements in law for a signature. Other parts provide for the licensing and regulation of certification authorities and the recognition of signature repositories by the Department of Consumer and Industry Services. Certification authorities would be required to be audited annually by a certified public accountant with expertise in computer security or by a computer security professional accredited by the department. The department would be required to maintain a publicly accessible data base containing a certification authority disclosure record for each licensed certification authority.

Arguments:
Pro: Electronic filing of both commercial and government documents offers tremendous convenience for both customers and wide range of businesses and government agencies. Such filing is quicker and cheaper than the traditional paper method. However, a process is needed by which such signatures can be accepted as bona fide signatures by businesses and governmental agencies. The business or agency accepting an electronic filing, and any court reviewing such a document, needs to be assured that the public-private key pair is truly associated with the signer and that the certification authority issuing the signature certificate is trustworthy. The bill creates such a process.

Con: There is no need for government to become involved in the licensing of certification authorities. The private sector is already using digital signatures, and their use will continue to grow. Privately produced international and national standards, which are already in place, should satisfy the need for regulation. The department's Corporations, Securities and Land Development Bureau has promulgated a guideline which substantially satisfies our concerns with respect to digital signatures to be accepted in proposed electronic filing of corporate registration documents. Other state agencies can do the same.

Fiscal Information: The bill would create undetermined costs for the state by requiring the department to license certification authorities, maintain a data base of certification authority disclosure forms and otherwise enforce the law.