Digital Signatures

CALIFORNIA DIGITAL SIGNATURE REGULATIONS

Frequently Asked Questions


What is the Definition of a Digital Signature?

Under California law, a digital signature is defined as "an electronic identifier, created by computer, intended by the party using it to have the same force and effect as the use of a manual signature."

Government Code Section 16.5 states that a digital signature shall have the same force and effect as a manual signature if and only if it embodies all of the following attributes:

    1. It is unique to the person using it.
    2. It is capable of verification.
    3. It is under the sole control of the person using it.
    4. It is linked to data in such a manner that if the data are changed, the digital signature is invalidated, and
    5. It conforms to regulations adopted by the secretary of state.

These proposed regulations, when adopted, will define the types of technologies that are acceptable for creating digital signatures for use by public entities in California. They also provide guidance to public entities that wish to utilize digital signatures for certain transactions.


Why Are Digital Signatures So Important?

Digital signatures will dramatically alter the way the world communicates. Essentially, this technology will allow us to conduct legally binding paperless communication. With digital signatures, we can virtually throw away our "original to follow by mail" stamps and conduct instantaneous communications and commerce around the world.

What Are Some Potential Applications of the Technology?

Digital signatures can be used for almost any transaction that currently requires a signature. Potential uses include anything from on-line college applications to the filing of state income tax forms to applications for business permits at the local level.

Almost any transaction that requires a signature can be replicated electronically with the inclusion of digital signature technology.


Who is Affected by California's Digital Signature Regulations?

Government Code Section 16.5 and these proposed regulations affect public entities in California, which are defined by the Government Code as: the State, the Regents of the University of California, a county, city, district, public authority, public agency, and any other political subdivision or public corporation in the State.


We want to use digital signatures to help us computerize our employees' filing of time-cards. Where do we start?

Government Code Section 16.5 specifies that the use of digital signatures shall be at the option of the parties involved in the transaction. So, before beginning a full transition from paper documents to electronic ones, public entities should be sure that all the parties to the transaction are willing to use digital signatures. Initially, it would make sense to keep the paper option available for those who are not willing to utilize digital signatures yet.

When adopted, these regulations will allow public entities to utilize digital signatures that are created by one of two different technologies – "Public Key Cryptography" and "Signature Dynamics."

Public entities can receive some guidance regarding certificate-based signatures from the California Department of Information Technology in Sacramento. Much information on companies that provide digital signature services is also available on the Internet.

For a public entity to get started, the first step is to determine the amount of security necessary to conduct the transaction. Some issues to consider are:

    • Are the documents containing signatures going to be transmitted over an "open" or a "closed" network?
    • Does the signature on the document need to be verified?
    • How much time and resources can be allocated to verification?
    • Does the signature need to be compared to a manual signature on paper or can a digital certificate adequately provide one-stop verification?
    • Will immediate verifiability reduce the potential of fraud?
    • Will the documents containing digital signatures need to be reproduced for public access to the records?
    • Will the documents containing digital signatures need to be utilized by another local, state or federal agency? If so, is the technology compatible with the other agency's needs?

Answering these and countless other questions can help public entities identify the appropriate technology to use for each application that includes a digital signature component.


How Do We Choose Between a "Public Key Infrastructure" (PKI) System and a "Signature Dynamics" System?

PKI signatures have a greater degree of verifiability than signature dynamics signatures. Although both signatures are more secure than traditional handwritten, paper-based signatures, PKI allows for third-party verification of the signature, while signature dynamics signatures require additional steps (including handwriting analysis) to verify the signer of a document.

PKI is designed to have immediate verifiability. Signature dynamics is designed to allow future verification of the signature (similar to a non-notarized, paper-based signature).

PKI signatures are affixed to documents using software enhancements to existing applications and web-browsers. Signature Dynamics signatures require additional hardware to create the signatures.

Signature Dynamics signatures are easier for the average user to comprehend, but they do not provide the level of security that is inherent in PKI signatures, which are immediately verifiable with a third-party issued certificate.

Public entities should conduct an extensive review of their needs and match them to the appropriate technology approved for use in proposed regulation Section 22003. Potential vendors can also be a valuable source of information in identifying the most appropriate technology for public entities.


Other states have prepared much more detailed legislation than California Government Code Section 16.5 and these proposed regulations. Why?

True, other states have developed more regulatory-intensive proposals to oversee the implementation of digital signature technology. However, the California secretary of state's office believes that over-regulation of an industry that has yet to fully evolve would only serve to stifle the natural market forces that are crucial to the thorough evolution of any emerging technology.

With digital signatures, a sort of chicken-or-egg dilemma has developed. Potential users and vendors of the technology are waiting for laws and regulations to authorize digital signatures; however, lawmakers have found it difficult to identify the regulatory needs for an industry that is still in its infancy.

Consequently, many jurisdictions have sought to regulate any potential component of this technology which may eventually present a problem. The result of this over-burdensome regulatory approach has been continual delays in getting this important technology placed in use.

Rather than create a regulation or legislation to specify every minute policy and practice of potential certification authorities or other digital signature vendors, the primary focus of these regulations is to provide assurances to the people of California that the digital signature technologies and vendors they utilize meet the basic requirements established by the legislature in Government Code Section 16.5.

Additionally, these regulations admonish public entities to take steps to ensure that the level of security used to identify the signer of the document and the level of security used to transmit the signature is sufficient for the transaction being conducted.


Why has California decided to allow signatures created by Signature Dynamics companies? If the signature has to be verified by a handwriting analysis, doesn't that remove some of the most important security components of a digital signature as defined by other states?

Signatures created by Signature Dynamics technology are certainly different than the public-key based signatures that many other public entities have sought to employ. However, signatures created using this technology can meet the requirements of Government Code Section 16.5, and as such need to be included in these regulations.

Although Signature Dynamics signatures require the lengthy process of handwriting analysis to achieve certain verification of a signature, they are still "capable of verification" as required by the Government Code. Additionally, some degree of certainty can also be obtained by a lay-comparison of manual handwritten signatures which may already be on file within a particular agency.

If a public entity needs immediate absolute verification of a signature, then this technology may not be the best option for those transactions. However, the secretary of state can foresee instances where the level of security and verifiability of signature dynamics signatures could suffice for communications with public entities.


©2000-2003 California Secretary of State.