Date: Tue, 15 Jul 1997 15:58:52 -0500 From: "C. J. Brandt" To: ECFORUM@nist.gov Cc: carolyn.purcell@dir.texas.gov, jerry.johnson@dir.texas.gov Subject: Written Comments TO: Director, Information Technology Laboratory ATTN: "Public Forum on Certificate Authorities and Digital Signatures" Written Comments of the Texas Department of Information Resources: The Texas Department of Information Resources (DIR) appreciates the opportunity to submit comments in response to the Department of Commerce's notice and request for public comments regarding certificate authorities and digital signatures. DIR's comments pertain to issues number one, two, and four as listed in the June 3, 1997 notice issued by the Department of Commerce. Issue 1: State government initiatives through "digital signature laws." Comment: The State of Texas recently passed a digital signature law which will take effect on September 1, 1997. This law amends the Texas version of the Uniform Commercial Code to allow electronic communications "sent from within or received in" Texas in connection with the sale of goods to be digitally signed. It also permits the use of digital signatures to authenticate electronic communications sent to agencies in the executive and legislative branches of Texas state government if the digital signatures comply with rules to be adopted by DIR. In adopting the rules, DIR must consult with a number of other state and local government representatives and must consider several factors that may affect the reliability of a digital signature. Those factors include whether a digital signature is : (1) unique to the person using it; (2) capable of independent verification; (3) under the sole control of the person using it; and (4) transmitted in a manner that will make it infeasible to change the data in the communication or the signature without invalidating the digital signature. The law also permits certain local governments in Texas to accept digitally-signed communications if the local government adopts rules to that effect after considering DIR's rules. DIR is currently in the process of drafting rules to implement the new law, and expects to circulate a draft among a number of other state agencies and local government representatives in August, 1997. It is anticipated that the rules will address the role of certificate authorities. The full text of this new law in Texas, House Bill 984, can be obtained from (enter hb984). Issue 2: The evolving legal framework of certificate authorities and digital signatures. Comment: DIR, as the technology planning agency for the State of Texas, is cooperating closely with the National Association of State Information Resource Executives (NASIRE) in its efforts pertaining to the accreditation of certification authorities. NASIRE, in conjunction with the National Association of State Purchasing Officials (NASPO), the National Association of State Comptrollers (NASC), and the states of California, Georgia, Massachusetts, Pennsylvania, Texas, Utah and Washington, issued a Request For Proposals in May, 1997 to establish a common method of accreditation of certification authorities. The objectives of this procurement process, which is currently in progress, include selecting an entity to provide a forum and process for conducting a joint demonstration project for accreditation of certification authorities. Selection of an entity is anticipated to occur in July or August, 1997, and the length of the initial project is expected to last from six months to one year. The State of Texas believes that a reliable system of certificate authorities can and should be developed in the context of the existing legal and regulatory framework. Federal legislation preempting state laws in this area is neither necessary nor desirable. Issue 4: User requirements and expectations. Comment: Following the recent passage by the Texas Legislature of House Bill 984, the State of Texas expects to become a major user of digital signatures and thus a user of a reliable system of certificate authorities. Texas also agrees with the first principle set forth in "A Framework For Global Electronic Commerce:" that the private sector should lead in the development of electronic commerce. Texas expects the private sector to generate a self-supporting, financially sustainable process to establish the technical, business and legal criteria for certification authorities, and expects the process to allow for substantial input and participation by major users such as the State of Texas. C. J. Brandt, Jr. General Counsel Texas Department of Information Resources 300 West 15th Street, Suite 1300 Austin, Texas 78701 Telephone: (512) 305-8972 Fax: (512) 475-4759 Internet:: END OF TEXT