[Congressional Record Volume 145, Number 58 (Tuesday, April 27, 1999)]
[Extensions of Remarks]
[Pages E775-E776]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




           INTRODUCTION OF THE DIGITAL SIGNATURE ACT OF 1999

                                 ______
                                 

                            HON. BART GORDON

                              of tennessee

                    in the house of representatives

                        Tuesday, April 27, 1999

  Mr. GORDON. Mr. Speaker, today I am pleased to introduce the Digital 
Signature Act of 1999. The purpose of this legislation is to require 
the National Institute of Standards and Technology (NIST) to develop 
minimum technical standards and guidelines for Federal agencies to 
follow when deploying digital signature technologies. In addition, the 
legislation authorizes the Under Secretary of Commerce for Technology 
to establish a National Policy Panel for Digital Signatures to explore 
the factors associated with the development of a National Digital 
Signature Infrastructure based on uniform standards to enable the 
widespread utilization of digital signature systems in the private 
sector.
  I want to make clear that this legislation is technology neutral. 
Rather it encourages federal agencies to use uniform criteria in 
deploying digital signature technology and to ensure that their system 
are interoperable. It also encourages agencies to use commercial-off-
the shelf software (COTS) whenever possible to meet their needs.
  By now, we are all aware of how the Internet is revolutionizing 
telecommunications and the business world. In less than ten years, the 
Internet has grown from a network linking a small, self-proscribed 
group of scientists to a telecommunication network linking millions of 
people around the world. The potential uses of the Internet seem 
unlimited. One of the most rapidly growing areas in electronic 
commerce. Statistics indicate electronic commerce was an $8 billion 
industry in 1998. Analysts now expect electronic commerce to explode 
into a $108 billion industry by 2003.
  When the Internet was first developed, virtually all users were known 
to each other or they were easily identifiable. However, with the rapid 
growth of the Internet we have lost the ability to actually ``know'' 
who we are communicating with is who they say they are. In order to 
exchange sensitive documents or to do business transactions with 
confidence it is important that an electronic authentication system is 
developed through which both the sender and recipient can be uniquely 
identified. One type of electronic authentication which is both secure 
and provides unique identification of the sender and recipient of 
messages is asymmetric cryptography, commonly referred to as a digital 
signature.
  I am not alone in my belief that digital signatures are a key element 
in the continuing growth of electronic commerce. The European

[[Page E776]]

Commission recently drafted a directive on a common framework for a 
comprehensive digital signature infrastructure. In addition, the 
Canadian government is already utilizing digital signatures for its 
transactions. These actions are designed to promote the growth of 
electronic commerce, but they will also enhance the position of 
European and Canadian companies that are developing digital signature 
systems. This is an attempt to become the world leader in electronic 
commerce.

  In the United States, we have a number of companies which offer 
digital signature services. The States are beginning to enact a 
patchwork of laws on digital signatures that could inhibit the 
widespread use of digital signatures. While I don't believe the 
government should dictate any one digital signature system, we should 
develop a level playing field which will encourage rather than hinder 
the development of a truly national infrastructure. It is my intent 
that the Digital Signature Act be a first step in this direction. This 
legislation has two simple goals: (1) develop uniform guidelines for 
Federal agencies to follow when they use digital signatures and 
encourage agencies to maximize the interoperability of their systems; 
and (2) establish a national policy panel for digital signatures to 
begin a dialog on the development of a national digital signature 
infrastructure.
  My legislation requires the National Institute of Standards and 
Technology (NIST) to develop minimum technical standards and guidelines 
for use by Federal agencies when developing their digital signature 
infrastructure and to give due consideration to the interoperability of 
their system. Whenever possible, the legislation encourages agencies to 
use commercial-off-the-shelf products.
  Agencies are currently developing and beginning to deploy digital 
signatures technologies. However, there is little coordination between 
agencies to ensure that the standards they use are consistent and that 
the technologies that they deploy are interoperable. NIST is charged 
with developing, with input from industry, technical standards and 
guidelines which ensure that the agencies deploy digital signature 
infrastructures that are both secure and interoperable. If agencies 
develop a variety of incompatible systems, I believe the result will be 
to discourage the widespread use of this electronic authentication 
technique by making it more complicated rather than easier to conduct 
business with the Federal Government.
  Agencies would be required to report back to Congress what they are 
doing to develop digital signature systems, and why, if applicable, 
they are not following NIST guidelines.
  In addition, the bill requires NIST to develop minimum technical 
criteria for agencies' use for electronic certification and management 
systems, both ``in-house'' systems or if they use a private entity. 
Once again, this is an attempt to level the playing field among Federal 
agencies to promote the private sector development of these goods and 
services.
  To promote a uniform environment for certification authorities, the 
bill establishes a national panel, under the auspices of the Department 
of Commerce's Technology Administration to develop model practices and 
procedures, uniformity among jurisdictions that license certification 
authorities, and uniform audit standards for certification authorities. 
This national panel, with broadly based representation from all 
stakeholders, will provide the coordination needed to put in place the 
national infrastructure that is a prerequisite for the widespread use 
of digital signatures.
  In closing, I want to make clear that this legislation does not favor 
any digital signature system, but attempts to begin to create a minimum 
uniform framework for Federal agencies to make communicating with the 
Federal Government easier and more secure. I also want to make clear 
that this legislation is an outline or work in progress. The framework 
of the Internet is dynamic. It would be short-sighted to draft Internet 
related legislation that is static and unresponsive. I expect further 
refinements and will continue to work with industry groups, the States, 
the administration and other stakeholders as we move through the 
legislative process.

                          ____________________