Government agencies and information security vendors are cautiously optimistic about a bill introduced in the House last month that aims to encourage the development of a nationwide electronic commerce infrastructure.
The Digital Signature Act, sponsored by Rep. Bart Gordon (D-Tenn.), would require the National Institute of Standards and Technology to develop guidelines and standards for the digital signature infrastructure that provides security for e-commerce transactions. The bill also would require NIST to create a list of commercially available products that meet the standards.
The bill intends to ensure the interoperability of the various digital signature systems (which authenticate the identity of a person who has "signed" an electronic document and ensure that the contents of the document were not altered during transmission) and public-key infrastructure (PKI) systems that agencies are developing throughout government and to establish a standard the public can trust, Gordon's office said.
"If criteria and systems are developed without any thought to compatibility, we will discourage the use of this electronic authentication technique by making it harder, not easier, for states and local governments, contractors and the general public to conduct business with the federal government," Gordon said in a statement.
The bill also would create a National Policy Panel for Digital Signatures to serve as a forum for exploring the issues associated with developing a national digital signature infrastructure. The panel would be led by the undersecretary of technology and the Commerce Department, according to the bill.
Tony Trenkle, director of electronic services at the Social Security Administration, said the bill moves the debate about standards in the right direction, especially at a time when agencies are trying to comply with the Government Paperwork Elimination Act (GPEA) passed last year. That act instructed the Office of Management and Budget to promote the use of electronic communications and forms, and digital signatures.
"I think, at least on the surface, it sounds like a pretty good idea," Trenkle said. "It'll help standardize some of the areas in the digital signature arena, particularly when we talk about things such as the GPEA and the issues related to that."
The Digital Signature Act is intended to complement GPEA, which requires all agencies to provide the public with the option of submitting government forms electronically whenever possible by October 2003. OMB in March released a draft version of its guidelines for federal agencies to comply with GPEA, and the final guidance is to be released next year.
But GPEA was intentionally written to be technology-neutral, and OMB's guidelines do not provide much additional help for agencies trying to choose an electronic infrastructure in a growing market, Trenkle said.
The Senate may make changes to the bill if it has any chance of passing, a Senate staff member said. "In general, we would support what they're trying to do," the staff member said. But the staff member said the primary opposition to the bill includes the provision that turns responsibility for guidance from OMB to NIST and how the bill possibly could counter the technology-neutral stance of GPEA.