Concepts

This section is a working document to guide discussion during the requirements and design phases. This is intended to evolve as our understanding of the issues evolves, and to document problems, potential solutions, pros and cons of alternative solutions, etc.

Policy and Procedure Drivers

Definition

Under Sections 1703 and 1704 of the Government Paperwork Elimination Act (GPEA), Executive agencies are required to provide for the use and acceptance of electronic signatures. The term electronic signature means a method of signing an electronic message that: (A) identifies and authenticates a particular person as the source of the electronic message; and (B) indicates such person's approval of the information contained in the electronic message.

Electronic Signature Implementation Requirements

(from policy directive 32-110)
1. The implementation of an e-signature system must contain some form of technical non-repudiation services to protect the reliability, authenticity, integrity, and usability, as well as the confidentiality and legitimate use, of the electronically-signed information.
2. The technical non-repudiation services (required in number 1 above) should tie the electronic transaction to the individual or entity in a legally-binding way.
3. The electronic signature process should include, as part of its technical non-repudiation services, audit trails that ensure the chain of custody for the transaction. These audit trails should identify the sending location, sending individual or entity, date and time stamp of receipt, and other measures that will ensure the integrity of the document. These audit trails must validate the integrity of the transaction and prove: (1) that the connection between the submitter and NMFS has not been tampered with; and (2) how the document was controlled upon receipt by NMFS.
4. An electronic receipt or some form of electronic acknowledgement of a successful submission of the electronic record and signature should be provided.
5. Section 1708 of GPEA states that information collected from individuals and entities as part of an electronic signature authentication process may only be used to facilitate that electronic communication process between the individual or entity and a federal agency.
6. The implementing office should incorporate a long-term retention and access policy for the use of electronic signatures in electronic records with particular attention paid to the preservation of legal rights.
7. Periodic review and re-evaluation of the electronic signature process must be performed with particular attention paid to continuing changes in technology, law, and policy guidance.

End-User Requirement Assumptions

  • Ease-of-use consistent with typical commercial online transactions such as consumer banking or personal investor securities trading
  • Portable eSignature capability, not tied to a particular Internet access device or particular type of access device (rules out an eSignature pad, fingerprint reader, etc.)
  • Low-cost or no-cost to the end user

Conceptual Decomposition