Statutes
...
Government Paperwork Elimination Act
DOC/NOAA/NMFS Policy, and Guidelines
eSignatures policy
procedural directive
NMFS eSignatures Policy
NMFS eSignature Procedural Directive
OMB, Justice, NIST Guidance
OMB M-04-04: E-Authentication Guidance for Federal Agencies
NARA Records Management Guidance for Agencies Implementing Electronic Signature Technologies
Federal Records Act (44 U.S.C. 3101)
Computer Security Act of 1987
Federal Information Security Management Act of 2002 "FISMA", 44 U.S.C. § 3541
OMB Circular No. A-130 (Revised) re Management of Federal Information Resources
NIST 800-25: Federal Agency Use of Public Key Technology for Digital Signatures and Authentication
NIST 800-63: Electronic Authentication Guideline
Treasury Electronic Authentication Policy
Justice: Legal Considerations in Designing and Implementing Electronic Processes
Legal Context and Precedents
Rosenfeld v. Zerneck, New York State court decision on validity of email signature
more on Rosenfeld v. Zerneck
Prior Art in the Citizen-to-Government eSignature Arena
Australian Fisheries Management Authority e-Logbooks
The Australian Fisheries Management Authority e-Logbooks initiative was designed to use Public Key Infrastructure (PKI) for electronic signature and confidentiality. The Australian Fisheries Management Authority (AFMA) developed a certification program for vendors, and currently one vendor (catchlog.com) has been certified. With some prompting from Tom Kagehiro (for which I am grateful) I contacted Dieter Bohm of catchlog.com. Dieter confirmed that AFMA is no longer depending on PKI for eSignature. Dieter told me "that didn't work". He noted that in its present state of maturity, PKI tends to authenticate a computer (the computer on which the private key is stored) and not a person. Also, he confirmed that private key storage within the browser is problematic. He told me that the direction catchlog.com finds promising is fingerprint readers. His company has demonstrated the technology to Australia and New Zealand and the reception to the demo was encouraging. Catchlog.com implementation is still under development and my impression was that these agencies have not committed to fingerprint technology at this time.
Note that the catchlog.com proposed design does not capture and transmit an image of a fingerprint, and would not, for example, allow matching of a skippers fingerprint against police fingerprint records. Instead, they have designed an algorithm that turns the input from the fingerprint reader into a verification number that is characteristic for a particular individual and consistent over time. The verification number is only reproducible with specific fingerprint reader technology and algorithms. Therefore there is a required eSignature registration process whereby a skipper is associated with a particular fingerprint verification number; then, whenever eLogbook data is "signed", the skipper must pass his fingers over the fingerprint reader, at which point the catchlog.com software will bind the verification number to the dataOMB GPEA Guidance, Implementation of the Government Paperwork Elimination Act
Similar Material from Other Federal Jurisdictions
EPA Cross-Media Electronic Reporting Rule (CROMERR)
USDA eAuthentication
DOE Standards for Electronic Signatures in Electronic Student Loan Transactions
General eSignature Reading
Understanding Electronic Signatures: The Key to E-Government
General Identity Reading
Larry's eSignature Tags on del.icio.us
FindLaw article "Electronic Signature Legislation" by Thomas J. Smedinghoff and Ruth Hill Bro of Baker & McKenzie, LLP questions we should be asking ourselves in using electronic signature legislation...