Update on Digital Signatures
In January 1998, I wrote an article about the emerging technology and legal acceptance of electronic and digital signatures on computer generated drawings (POB Vol 23 No. 4). In this issue I want to revisit that field, with a short update on some of the state initiatives.
When I present this topic to land surveyors in various areas I still hear the question, "How do you prevent alteration of the drawing if you don't keep a hard copy?" Often this is expressed as a declaration: "Surveyors should not use electronic documents because you can't prevent them from being altered." I suspect this attitude evidences more a resistance to change than a considered objection to the technology. Simply stated, digital signature technology does a better job of protecting the integrity of a document than does a paper signature, but it is understandable that many people will not readily accept the process until they see a real need in their everyday business.
That need, of course, is coming. I have given seminars in several states and at national conventions, and in those I often ask surveyors if they send drawings to clients by E-mail. Usually more than half the people in the room reply by holding up their hands. Then, when I ask how many are digitally signing those documents, I seldom get a response. Personally, I don't see any reason not to digitally sign an E-mailed drawing. I have adopted the policy of signing all drawings I provide to clients on disk or by any other electronic means, even though under my state's regulations (Washington), I still have to produce and sign a hard copy. The hard copy keeps me legal, but I see no reason why the electronic copy, which will actually get used, should not also be securely signed.
Most likely, the impetus for adopting digital signatures in the land surveying and engineering professions will come from government. A news release I have seen states that the United States Navy expects to be "fully paper-free" in its construction design process by the year 2000. According to the release, project plans, specifications and bid documents will have to be electronic and accessible over the World Wide Web or by compact disc, and electronic signatures will be required.
On a more local level, in my area of Washington it is no secret that many of the counties are finding it difficult to store and handle huge numbers of recorded mylar survey drawings. One county clerk has announced a plan to require court filings to be by E-mail to relieve them of the need for storage space for the mountains of paper produced by lawyers. In that same county, it has been virtually impossible for years to look at the mylar survey drawings on record; the copies you actually use are created on a scanner. Surveyors providing data for and working within the GIS realm know the need for some form of electronic integrity to the original document behind the system.
As of January 1999, 18 states have adopted laws that allow for the use of digital or electronic signatures on "all communications." Those states are Alaska, Florida, Georgia, Illinois, Kansas, Kentucky, Minnesota, Mississippi, Nebraska, New Hampshire, Oklahoma, Oregon, South Carolina, Utah, Virginia, Washington, West Virginia and Wisconsin.
Vermont, in 1997, passed legislation to study the computerization of its land records and the need for electronic signatures. Many more states have validated the use of electronic or digital signatures for limited purposes and one of those, California, has passed so many laws allowing for limited use of electronic signatures that they are now legal for most any communication with public entities.
Laws regarding digital signaturesReviewing these laws, by far the most common standard seems to be that an electronic or digital signature must be executed or adopted by the person, with the intent to be bound by the execution or to authenticate a record, unique to the person using it, capable of verification, under the sole control of the person using it, and linked to the data in a manner that, if the data are changed, the signature is invalidated. In a few states, the standard appears to be merely that an electronic signature be executed by a party with an intent to authenticate a writing, and that the signature be "logically associated" with the writing. The statutes in Florida, Illinois, Minnesota, Mississippi, New Hampshire, Oregon, Utah, Washington and West Virginia specifically require the use of "public key-private key pairs" or asymmetric cryptosystems, for digital signatures to be generally acceptable. Only Massachusetts, Michigan, New Jersey, New York, Pennsylvania and South Dakota have managed to avoid enacting some electronic signature law, and Massachusetts has been very permissive toward the use of "electronic marks" to validate computerized documents.
In general, these laws presume that any problems with the technological capability of signature software to recognize whether a document has been altered will be handled by the marketplace, or by adherence to published standards. Most of the debate and variation in the laws concern protection against forgeries. Anyone who has obtained a "digital I.D." for use in Web-based transactions knows that there are various levels of identity security available for obtaining a private key. Several states have adopted a licensing approach, with strict regulations over who can "certify" a person's key, and over what care the "certifying authority" must take in verifying a person's identity. Rigorous regulations, of course, attempt to balance the need for encouraging commerce against public protection, and have so far tended to delay the legal use of digital signatures in the states that have adopted them. Washington State, for instance, has licensed only three certifying authorities since its law became effective in January 1998. Several states (Florida, for example) have adopted a "wait and see" approach as to whether certifying authorities should be licensed.
Only a few states have directly addressed the use of digitally signed electronic documents by surveyors or engineers. In Florida, the law governing licensing of engineers and surveyors states that "Drawings, specifications, plans, reports or documents prepared for or issued by a registrant may be transmitted electronically and may be signed by the registrant, dated and stamped electronically with said seal in accordance with ss.272.70-282.75 (a reference to the Florida Electronic Signature Act of 1996)." Fl. Ss.471.025 (1)
The Florida Board of Professional Engineers Administrative Code 61G15-23.003 states the procedures for signing and sealing electronically transmitted plans, specifications, reports or other documents:
Electronic files may be signed and sealed by creating a "signature" file that contains the engineer's name and PE number, a brief overall description of the engineering documents and a list of the electronic files to be sealed. Each file in the list shall be identified by its file name and utilizing relative Uniform Resource Locators (URL) syntax described in the Internet Architecture Board's Request for Comments (RFC) 1738, December 1994, which is hereby adopted and incorporated by reference by the Board and can be obtained from the Internet website. Each file shall have an authentication code defined as an SHA-1 message digest described in Federal Information Processing Standard Publication 180-1 "Secure Hash Standard," 1995 April 17, which is hereby adopted and incorporated by reference by the Board and can be obtained from the Internet website. A report shall be created that contains the engineer's name and PE number, a brief overall description of the engineering documents in question and the authentication code of the signature file. This report shall be printed and manually signed, dated and sealed by the professional engineer in responsible charge. The signature file is defined as sealed if its authentication code matches the authentication code on the printed, manually signed, dated and sealed report. Each electronic file listed in a sealed signature file is defined as sealed if the listed authentication code matches the file's computed authentication code.
In Washington, the Survey Recording Act was amended this year to allow the county auditors to retain scanned images of recorded surveys and return the original mylar drawings to the submitting surveyors. The amended law contains the following paragraph:
If the county has the capability to authenticate digital or electronic signatures and verify document integrity as codified in Chapter 19.34 RCW (a reference to the Washington Electronic Authentication Act) and administered under Chapter 434-180 WAC, and can import electronic files into an imaging system, the auditor may accept for recording, electronic versions of the documents required by this chapter, in lieu of the original mylar. RCW 58.09.110(6).
There are as yet no administrative guidelines implementing this new change to the law. Nebraska, interestingly, has adopted a law allowing for electronic signatures on architecture, engineering and geology drawings. Surveyors were not included.
Is this the end of the hard copy map?There are, of course, legitimate concerns about eliminating the "hard copy" map and replacing it with a secured electronic file. One of the main ones, to me, is the simple reality that most electronic signature software envisions that the user of the document will always be reviewing it on a computer screen, while many surveying and engineering plans are still unrolled on the hood of a truck and then stuffed into the corner of a job shack. A separate signature file, or a separately signed and sealed paper document, may in many cases not be actually linked to the plan copies being used. On the other hand, as with so much about computers, the economic necessity of pursuing commerce electronically will, most likely, eventually force surveyors and engineers to abandon the hard copy, at least in many instances. Laws regulating professions tend to change after the reality of the professional climate itself changes, and this is an area that will change unless we stop using computers.
Earlier this week I was researching an old right of way that ends at a dock on Lake Washington, which lies just east of Seattle. I knew that the state had undertaken several surveys of the shoreline of this lake in the early 1900s. I spent a few hours doing what people have paid me to do for years-sitting in a storage room trying to read old field books with faded pages and crumbling bindings. Unsuccessful, I went to another office and spoke with that most valuable of resources, the employee who had worked with the records for many years. He took me to the usual public plan sets and then got one of those far away looks in his eyes and wondered if I might be interested in a 1914 map. The map is a beautiful ink on linen work that is 5-ft. wide and could, as far as I know, be of infinite length. (We only unrolled it to the area of interest to me; there was still a several inch thick roll of map to go.) It was stored on a table in the room where the work got done. It had the information I was looking for.
Could I get a copy? He said there were no copiers available in town that could swallow such an expanse of linen. So we went to the microfiche copy, which was unacceptably dim. Consequently, my certified copy would have to be laboriously produced by taping and splicing from a table top copier.
I suspect that many surveyors will agree with me that it will be sad to see hard copy survey maps phased out of general use. Older original maps are not only works of art but invaluable records. The map I am referring to above is still in excellent shape, and far easier to read than the microfiche copy. Its only "problem" is that it does not fit modern copying technology. Sadly or not, however, I suspect that change is coming sooner rather than later, and that surveyor and engineering boards should be adapting to the changes now.
glossary"Public key-private key" or Asymmetric encryption: The most common digital signature process uses two related keys: a public key and a private key. In public key encryption, the public key is made available to anyone who wants to correspond with the owner of the key pair. The public key can be used to verify a message signed with the private key or encrypt messages that can only be decrypted using the private key. The security of messages encrypted this way relies on the security of the private key, which must be protected against unauthorized use. In most digital signature laws, a key pair must be bound to a user's name and identification (actually a "digital ID," but often called a digital signature) in order to have legal force.
NCEES's Electronic Technology Task ForceThe National Council of Examiners for Engineering and Surveying (NCEES) now has an Electronic Technology Task Force chaired by P. Gail Oliver, LS, of St. Augustine, Fla. Its ultimate purpose is to develop model laws or regulatory standards for the use of electronic technology in engineering and land surveying. A look at the specific charges given the committee shows that it is mostly concerned with the advisability and regulation of the use of digitally signed documents. The committee will be reviewing existing digital signature laws; current digital signature technology; common practices and evidence of risks or harm to the public; and standards adopted by other professions. The committee will write a paper on their findings in due time.
The NCEES committee has posed several questions to state boards, including "Has your jurisdiction adopted/considered adopting electronic signature laws?" Comments ranged from "Yes, considering. These regulations will be noticed for public comment on 1/29/99; they may be changed before formal adoption." (Calif.), to "No; N.J. Board is interested in learning how other states deal with this subject." (N.J.); to "No; Okla. Board is opposed to use of electronic signatures." (Okla.) Twenty-eight states answered that they had adopted or were considering adopting such laws.
I have agreed to serve on the Task Force as a consultant and invite readers to send me any evidence (beyond mere suspicions) of problems with electronically signed documents and updates of how your states are dealing with the issue. You can reach me at Jbroadus@seanet.com. I may or may not have time to answer your E-mails, but am probably more likely to reply to a short electronic message than a letter these days.