ENROLLED
Senate Bill No. 639
(By Senators Fanning, Harrison and Minard)
____________
[Passed April 8, 2005; in effect from passage.]
____________
AN ACT to amend and reenact §39A-3-1, §39A-3-2 and §39A-3-3 of the
Code of West Virginia, 1931, as amended, all relating to
digital signatures generally; defining certain terms;
providing for use of an electronic postmark; authorizing
promulgation of an emergency rule; and authorizing use of a
federal certificate authority and repository program.
Be it enacted by the Legislature of West Virginia:
That §39A-3-1, §39A-3-2 and §39A-3-3 of the Code of West
Virginia, 1931, as amended, be amended and reenacted, all to read
as follows:
ARTICLE 3. DIGITAL SIGNATURES; STATE ELECTRONIC RECORDS AND
TRANSACTIONS.
§39A-3-1. Definitions.
(1) "Certificate" means a computer-based record that:
(A) Identifies the certification authority issuing it;
(B) Names or identifies its subscriber;
(C) Contains the subscriber's public key; and
(D) Is digitally signed by the certification authority issuing
it.
(2) "Certification authority" means a person who issues a
certificate.
(3) "Digital mark" consists of an electronic code indicating
approval or confirmation which is entered into a protected digital
record following access protocols which identify the user and
require a password, personal identification number, encrypted card
or other security device which restricts access to one or more
authorized individuals; and
(4) "Digital signature" consists of a message transformed
using an asymmetric cryptosystem so that a person having the
initial message and the signer's public key can accurately
determine:
(A) Whether the transformed message was created using the
private key that corresponds to the signer's public key; and
(B) Whether the initial message has been altered since the
message was transformed.
(5) "Electronic postmark" means an electronic service provided
by the United States Postal Service that provides evidentiary proof
that an electronic document existed in a certain form at a certain
time and that an electronic document was opened or the contents of
the electronic document were displayed at a time and date documented by the United States Post Office.
(6) "Federal certificate authority and repository program"
means an official program established by an agency of the United
States government for the issuance and authentication of digital
signature certificates or other secure electronic authorizations to
individuals for use in electronic transactions.
§39A-3-2. Acceptance of electronic signature by governmental
entities in satisfaction of signature requirement.
(a) Any governmental entity may, by appropriate official
action, authorize the acceptance of electronic signatures in lieu
of original signatures on messages or filings requiring one or more
original signatures, subject to the requirements and limitations of
section three of this article.
(b) Any governmental entity may elect to participate and
utilize the Secretary of State's digital signature authority and
registry. Upon acceptance of and registration with the Secretary
of State's digital signature authority and registry, the
governmental entity's electronic transactions are bound to the
regulation of the authority and registry and the rules promulgated
thereunder. Any governmental entity not required to participate,
but which elects to participate, may withdraw at any time from the
program upon notification of the Secretary of State and all others
who utilize that entity's digital signature program.
(c) Any governmental entity may adopt, in the manner provided
by law, an ordinance, rule or official policy designating the documents on which electronic signatures, electronic postmarks or
both are authorized and the type or types of electronic signatures
which may be accepted for each type of document. Those
governmental entities not subject to the provisions of chapter
twenty-nine-a of this code which propose to authorize the
acceptance of electronic signatures, electronic postmarks or both
on documents filed with that entity shall give public notice of the
proposed adoption in a manner prescribed by law, an ordinance, rule
or official policy, but in no case for less than thirty days before
adoption.
(d) Any governmental entity which intends to extend, modify or
revoke the authority to accept electronic signatures or postmarks
shall do so by the same means and with the same notice as required
in this section for adoption.
§39A-3-3. Duties of the Secretary of State; state agencies use of
electronic signatures.
(a) The Secretary of State shall propose emergency and
legislative rules for promulgation in accordance with the
provisions of article three, chapter twenty-nine-a of this code to
establish standards and processes to facilitate the use of
electronic signatures in all governmental transactions by state
agencies subject to chapter twenty-nine-a of this code. The rules
shall include minimum standards for secure transactions to promote
confidence and efficiency in legally binding electronic document
transactions. The rules may be amended from time to time to keep the rules current with new developments in technology and
improvements in secured transaction processes.
(b) The Secretary of State is designated the certification
authority and repository for all governmental agencies which are
subject to chapter twenty-nine-a of this code and shall regulate
transactions and digital signature verifications. The Secretary
may enter into reciprocal agreements with all state and federal
governmental entities to promote the efficient governmental use of
electronic transactions. The Secretary of State may propose
legislative rules for issuing certificates that bind public keys to
individuals, and other electronic transaction authentication
devices as provided in this article. The Secretary of State is
further authorized to contract with a public or private entity to
serve as certification authority for the State of West Virginia.
The certification authority may contract with persons to provide
certification services. Any contract entered into must require the
certification authority to meet the requirements of this article
and any rules promulgated by the Secretary of State.
(c) Nothing contained in this article may be construed to
mandate any specific form of technology, process or standard to be
the only technology, process or standard which may be utilized by
state entities. Nor may anything contained in this article be
construed to limit the Secretary of State in adopting by
legislative rule, alternative technologies to authorize electronic
signatures and electronic postmarks.
(d) Nothing contained in this article may be construed to
authorize the use of electronic signatures, electronic postmarks,
or both, to effect service of a summons and complaint.