Sidestepping a White House initiative, the state of California proposed its own regulations today that allow public authorities to authenticate digital information without the type of "key recovery" system that has raised objections among privacy advocates.
Secretary of State Bill Jones today proposed the regulations, which were mandated by a state law enacted in 1995 to set up a system that authenticated legal documents sent over computer networks by public agencies or institutions.
Known as digital signatures or certificates, the technology puts an encrypted seal on an electronic document to prove its authenticity. Such certification can also be handwritten signatures that have been digitized.
The Clinton administration's proposal would require companies to set up a "key management infrastructure" to get federal digital certificates. If passed by Congress, the bill would give law enforcement authorities access to protected domestic communication with a court order, a privilege they don't have now.
California's legislation doesn't call for key recovery systems allowing public agencies to get the signatures.
Under the state's plan, private companies would be deemed certification authorities to hand out encryption technology endorsed by an "internationally recognized" body. Such a system is already being developed by an interstate group, the National Association of State Information Resource Executives.
"The proposed California regulations are different than most existing government proposals because they recognize the need for the infant digital signature industry to get off the ground before government imposes market- and creativity-stifling requirements on prospective service providers," Jones stated in a release.
But California has left the door open for key recovery requirements depending on how the interstate accreditation council decides to proceed.
"Key recovery isn't in the current proposal. We are leaving it to the public market to decide," said Alfie Charles, a spokesman for Jones.
On July 15, a public hearing will be held to examine the plan. The rules have already been endorsed by Netscape Communications.