WASHINGTON - A Utah senator says he will introduce legislation to standardize electronic authentication technologies, including digital signatures for online banking.
"The expansion of electronic banking and commerce will be stifled until we put in place a uniform standard to authorize and validate the use of electronic authentication," said Republican Bob Bennett, chairman of the Senate Banking subcommittee on Financial Services and Technology.
Bennett, without giving any specifics, said he would introduce a bill on the matter early next year.
Representatives from leading financial institutions such as Citibank and Bank of America testified before the Senate subcommittee today. The House Science subcommittee on Technology also held a hearing on the issue.
Bankers told members of Congress that a federal law was needed to streamline the definitions of digital signatures and other forms of electronic authenticators. At least 36 states have enacted legislation regarding the use of digital signatures, which P. Michael Nugent, the general counsel for technology and intellectual property for Citibank, called a "patchwork quilt of rules."
Nugent said that with the number of online banking users in the United States expected to double to 2.1 million and worldwide users of electronic banking expected to quadruple to 40 million by the millennium, it is critical that the United States and other countries come up with standards.
Earlier this month, the European Commission released a policy paper on digital signatures and encryption technologies. The paper stopped short of urging specific action, though, instead encouraging member states to analyze their differences in legal requirements for digital signatures and technical protocols.
Giving people a way to make sure that individuals and institutions they are communicating with online are who they say they are is seen as crucial to the development of electronic commerce.
Digital signatures are not a signature at all but a means of authentication using a line of code called a hash. When a person sends a message to a bank to transfer funds, for example, the hash must match the one held by the bank.
Bankers said that small banks are especially vulnerable to variations in technology standards among the state laws.
"Small banks are at risk because, unlike the bigger banks, they cannot afford to pay the state-by-state licensing fees and to meet all standards," said J. Scott Lowry, president of the Digital Signature Trust Company.
As more people do their banking online, authentication technologies will become crucial to prevent fraud, witnesses told the Senate subcommittee.
"This is the dominant technology that financial institutions are looking for," said Ira Parker, partner at Alston & Bird, a law firm which specializes in electronic commerce. "If we have any doubt that we are in a world marketplace, you need only look at the events of the last 24 to 48 hours."
States are not nearly as enthusiastic about the prospect of federal legislation as industry is.
Daniel Greenwood, deputy general counsel for information technology in Massachusetts, said his state "has worked hard with other states to craft policies that are consistent, constructive and timely at a state level."
Provisions in draft federal legislation stating agreements with digital signatures "shall be valid" could contravene state laws prohibiting agreements made under duress or by minors, Greenwood said. Such issues "can go to the heart of state contract law," he said.
The Clinton administration, too, discouraged early action on passing a federal law on the issue.
"It is too early - and we do not know nearly enough - for the federal government to endorse a particular legislative approach," Commerce Department general counsel Andrew Pincus told a separate hearing before the House Science technology subcommittee.
