IRS e-File program
The first significant and clearly most influential large-scale implementation of eSignature was by the U.S. Internal Revenue Service. After several limited pilot studies, in 2001 (for tax year 2000). Taxpayers taxpayers meeting certain requirements were able to file paperless [tax year 2000 returnsfor tax year 2000 returns complete with an eSignature. Through tax preparation software (such as Intuit's Turbotax) they were guided through selecting a five-digit PIN number and providing two specific items of data from their previous year's tax return. Selecting a PIN number and providing prior-year personal tax information served as an electronic signature for an e-Filed return. According to UncleFed's Tax Board 4,293,085 taxpayers signed their returns with self-select PINs in 2001.
Southwest Fisheries Science Center Electronic Logbook Signature Certification
An approach that is being used successfully, perhaps as an interim solution, is to require in advance of electronic reporting a holographic signature on a form certifying agreement to electronically submit accurate and complete data in electronic format.
Australian Fisheries Management Authority e-Logbooks
This e-Logbooks initiative was designed to use Public Key Infrastructure (PKI) for electronic signature and confidentiality. The Australian Fisheries Management Authority (AFMA) developed a certification program for vendors, and currently one vendor (catchlog.com) has been certified. With some prompting from Tom Kagehiro (for which I am grateful) I contacted Dieter Bohm of catchlog.com. Dieter confirmed that AFMA is no longer depending on PKI for eSignature. Dieter told me "that didn't work". He noted that in its present state of maturity, PKI tends to authenticate a computer (the computer on which the private key is stored) and not a person. Also, he confirmed that private key storage within the browser is problematic. He told me that the direction catchlog.com finds promising is fingerprint readers. His company has demonstrated the technology to Australia and New Zealand and the reception to the demo was encouraging. Catchlog.com implementation is still under development and my impression was that these agencies have not committed to fingerprint technology at this time.
Note that the catchlog.com proposed design does not capture and transmit an image of a fingerprint, and would not, for example, allow matching of a skippers fingerprint against police fingerprint records. Instead, they have designed an algorithm that turns the input from the fingerprint reader into a verification number that is characteristic for a particular individual and consistent over time. The verification number is only reproducible with specific fingerprint reader technology and algorithms. Therefore there is a required eSignature registration process whereby a skipper is associated with a particular fingerprint verification number; then, whenever eLogbook data is "signed", the skipper must pass his fingers over the fingerprint reader, at which point the catchlog.com software will bind the verification number to the data.
State of Alaska eSignature (myAlaska)
myAlaska is an authentication and electronic signature system allowing citizens to interact and execute electronic signatures with multiple State of Alaska services through a single user name and password. Participation in myAlaska is voluntary and limited to individuals who meet prerequisites which vary based on the type of transaction. (For example, some transactions are only available to participants who verify their identity with a valid Alaska driver license.)
In the myAlaska system identity and profile information is under user control. As a myAlaska participant you may choose to "subscribe" to specific state agency systems. A subscription will cause myAlaska to share your profile information with that particular state agency system. However, unsubscribed state systems will have no access to your myAlaska identity or profile. For example, you may choose to subscribe to the Permanent Fund Dividend Division's online PFD application system to use myAlaska for electronic signature. You may choose not to subscribe to the Department of Transportation's Marine Highway Reservation System, which may use myAlaska to maintain user profiles. In this example, the PFD application system could use your profile to pre-fill online forms and electronically sign transactions, but the Marine Highway Reservation System would not recognize your myAlaska identity or have access to your profile.
A myAlaska electronic signature uses cryptography-based mechanisms to bind the data to be signed with the identity of the signer (myAlaska identity) and the date and time of the signing act. Due to this cryptographic binding, at any time after the signing act an independent third party can confirm non-repudiation (a person with knowledge of a particular myAlaska user name and password signed it, and no one else could have) and integrity (a change to any element of the content will be detectable via the cryptographic mechanism; i.e., the signature makes the content tamper-evident). The myAlaska system implements an electronic signature by packaging the data to be signed, the myAlaska identity of the signer, the date and time of the signing act, and the identity of the agency requesting the signature into one XML document and then digitally signing that XML document with an X.509 certificate issued to the myAlaska system.
myAlaska is currently in use for a dozen citizen-to-government and business-to-government services, has a citizen enrollment of over 250,000, and has a volume of approximately 300,000 eSignature transactions per year.
USDA eAuthentication
Currently, USDA offers eAuthentication Accounts with Level 1 Access and Accounts with Level 2 Access. Level 1 Access is limited and does not allow you to conduct official electronic business transactions with the USDA via the internet. An account with Level 2 Access provides the ability to conduct official electronic business transactions with the USDA via the Internet. You must have a valid email address to register for an account with Level 2 Access. You create a customer profile, User ID, password that you will remember and respond to a confirmation email within seven (7) days. In addition, you must visit the nearest USDA Service Center in person and prove your identity with a current State Driver's License, State Photo ID, US Passport or US Military ID. Approximately one hour after your Level 2 Access has been activated by the USDA Service Center employee, you will have access to USDA applications and services that require an account with Level 2 Access.