Those interested in on-line privacy should be aware of a bill in the California Legislature. A.B. 1577, sponsored by Debra Bowen, addresses the issue of digital signatures. There are versions of the same bill under consideration in Oregon, Washington, and Utah as well. Evidently, the bill would provide for a certification procedure that would be used to verify the digital signature of anyone who has had their signature "certified." The bill would provide for a publicly-accessible database of certificates, which could be accessed by anyone wishing to verify a digital signature. We have looked over the bill and, while we believe something along these lines is essential to prevent widespread fraud and misrepresentation in on-line activities, we are concerned that this specific bill raises several serious privacy concerns. The public database idea may be particularly intrusive. This sounds like a direct marketer's dream: a fully accessible database of e-mail addresses that are certified authentic and reliable for on-line sales up to an expressed amount. Will it be possible to access the repository and compile a list of e-mail addresses which could then be used for marketing purposes? For example, could a list of all certificates with "recommended reliance limits" above $1000 be culled from these repositories? If other information is included in the certificate, would direct marketers be able to search for all e-mail addresses, say, in a certain zip code or area code? There may be other privacy problems with A.B. 1577. We would like to hear comments from anyone regarding this bill. If you wish, we can forward your comments to Assemblywoman Bowen's office. The legislative counsel's digest of the bill is attached. The full text of the bill (about 30 pages worth) are available on the Net from: gopher sen.ca.gov [Under the Bills, Codes, & Analyses..] http://www.sen.ca.gov [Under the sen.ca.gov gopher interface] gopher mother.com [Under California/Assemblywoman Debra Bowen/Bills: 1995-96 Session] If you have comments, please contact the Privacy Rights Clearinghouse: voice 800.773.7748 (outside California 619.298.3396) e-mail prc@acusd.edu LEGISLATIVE COUNSEL'S DIGEST AB 1577, as introduced, Bowen. Digital signatures. Existing statutes do not generally govern the authenticity and verification of electronic or similar data intended to act as a signature, except in the case of electronic fund transfers in nonconsumer situations which provides for security procedures related to verification of authenticity of orders. This bill would add the California Digital Signature Act. A digital signature would be a sequence of bits meeting certain encryption requirements, that would be as valid as if it had been written on paper, except in the case of a digital signature that would make a negotiable instrument payable to bearer, which would be void except to effectuate a funds transfer or a transaction between financial institutions. The bill would further set forth the effect of certain actions taken with respect to digital signatures. The bill would provide for the issuance of a certificate by a certification authority that would contain information to verify a digital signature of a subscriber. The bill would provide for a database of certificates by repositories. The bill would provide for the licensure of certification authorities by the Office of Information Technology, and for the recognition of repositories. The bill would require the office to be a repository. The bill would provide for fees, and would impose related duties on the office. The bill would set forth provisions governing and limiting the liability of certification authorities and repositories. The bill would make it a misdemeanor for a person to knowingly or intentionally misrepresent to a certification authority his or her identity, name, distinguished name, or authorization when requesting suspension of a certificate, thereby imposing a state-mandated local program. ==================================================================== Barry D. Fraser fraser@acusd.edu Online Legal Research Associate Privacy Rights Clearinghouse prc@acusd.edu Center for Public Interest Law Gopher gopher.acusd.edu University of San Diego Select "USD Campus-Wide Info" Privacy Hotline: 619-298-3396 BBS: 619-260-4789 In California: 800-773-7748 host: teetot login: privacy ====================================================================