ZDNet reports that State Sen. Lyle Hillyard will introduce a bill this coming legislative session to repeal Utah's digital signature act.
Enacted in 1996, the Utah Digital Signature Act was the first of its kind and went on to receive praise from groups like the National Association of State Chief Information Officers, which granted the state its 1997 e-commerce award a year later.
The law was intended to prevent e-commerce fraud and forged digital signatures. It required, among other things, that those issuing digital certificates register with the government and adhere to certain guidelines; be subject to third-party audits; and follow financial guidelines and international information security standards.
This law was one of those things that people always asked about when I was CIO. People generally liked the idea, but, like digital signatures themselves, no one ever seemed to figure out what to do with it or exactly when you needed it over something less onerous like UETA.
If you really want digital signatures to be used, I think the government needs to be the CA. The government is the only entity that can indemnify itself of the liability incurred by erroneous identification--a major factor in the cost of signed certificates. You ought to just get a digital certificate with your driver's license or other government-issued ID card. The keys could be embedded on smart card technology in the driver's license if we could keep the black helicopter crowd quiet for a while.
A major expansion of government power? Hardly. The government is already in the identity business. They serve as the foundational element and ought to play that role in the digital world as well. If Utah wanted to really make its mark in digital government, they'd make a bold move like that. Get a few other states to follow suit and you'd see a major shift in the debate about identity on the 'Net.