Minnesota State Archives

Electronic Records Management Guidelines

Electronic and Digital Signatures
Annotated List of Resources

Primary Resources:

American Bar Association. Digital Signature Guidelines Tutorial. Washington, D.C.: American Bar Association, 1996.
http://www.abanet.org/scitech/ec/isc/dsg-tutorial.html

In 1996, the ABA's Section on Science and Technology produced the first legal overview of electronic and digital signatures, as well as related concerns. Although there have been many legal and technological developments in the years since, the site still contains fundamental information on signatures that is of value. The term "tutorial" is slightly misleading; this is basically a short essay, but it is the best introduction to signatures available. It has recently been complemented by the ABA's PKI Assessment Guideline.

American Bar Association. PKI Assessment Guidelines. Washington, D.C.: American Bar Association, 2001.
http://www.abanet.org/scitech/ec/isc/pag/pag.html

The Information Security Committee of the Electronic Commerce Division of the ABA issued a draft version of its PKI Assessment Guidelines (PAG) in 2001. The PAG offers a practical guide for the evaluation and assessment of PKI systems and vendors. This is a very detailed document, almost four hundred pages long. It is available as a PDF file. As noted, it is currently a draft and will be updated in the future.

Blanchette, Jean-Francois. "Defining Electronic Authenticity: An Interdisciplinary Journey." Workshop on Interdisciplinary Approaches to Achieving and Analysing System Dependability, Florence, Italy, 29 June 2004.
http://homepages.cs.ncl.ac.uk/michael.harrison/dsn/blanchettejf_authenticity.pdf

Blanchette's paper provides a succinct overview of digital signature and evidence law in the United States and Europe, along with an examination of the signature lifecycle and the technical preservation problems facing the archivists and the cryptographic community.

McBride Baker & Coles. Legislative Analysis Database for E-Commerce and Digital Signatures. Chicago, IL: McBride Baker & Coles.
http://www.mbc.com/ecommerce/legislative.asp

McBride Baker & Coles is Chicago law firm with an interest in information technology and the law. The Legislative Analysis Database for E-Commerce and Digital Signatures is a set of tables that allow for the comparative analysis of practices in different states. These tables systematically list and distinguish enacted digital signature legislation and uniform laws. The firm's e-commerce site provides a variety of other tables for study of pertinent issues around the world.

Minnesota Historical Society, State Archives Department. Trustworthy Information Systems Handbook. Version 4, July 2002.
http://www.mnhs.org/preserve/records/tis/tis.html

This handbook provides an overview for all stakeholders involved in government electronic records management. Topics center around ensuring accountability to elected officials and citizens by developing systems that create reliable and authentic information and records. The handbook outlines the characteristics that define trustworthy information, offers a methodology for ensuring trustworthiness, and provides a series of worksheets and tools for evaluating and refining system design and documentation.

National Institute of Standards and Technology (NIST), U.S. Department of Commerce. Cryptographic Toolkit: Digital Signatures. Washington, D.C.: NIST, 2001.
http://csrc.nist.gov/encryption/tkdigsigs.html

NIST's web site provides access to three Federal Information Processing Standards (FIPS) standards for digital signature algorithms, along with a variety of other resources on cryptography.

Additional Resources:

HIPAAdvisory. Standards for Security and Electronic Signatures. Montgomery Village, MD: Phoenix Health Systems, 2001.
http://www.hipaadvisory.com/regs/securityandelectronicsign/electronicsignature.htm

HIPAA, the Health Insurance Portability and Accountability Act of 1996, has created a small industry of guidelines, consultancies, and web sites devoted to explaining how its mandates can be implemented. This site provides easy access to the rules created by the Department of Health and Human Services for "standards for the security of individual health information and electronic signature use by health plans, health care clearinghouses, and health care providers." Since so many important government functions are related to health care, HIPAA's requirements will probably heavily influence the development of standards and technology architectures for electronic signatures.

State of Washington. Electronic Authentication. Olympia, WA: Office of the Secretary of State, 2001.
http://www.secstate.wa.gov/ea

Washington's digital signature law was a model for a number of other states, including Minnesota. The Secretary of State oversees the implementation of the law and particularly the regulation of certificate authorities. The web site includes useful information and resources on the workings of the law.

Glossary go to Glossary

Go to Table of Contents

Electronic Records Management Guidelines, March 2004, Version 4.

State Archives Home Research Services Government Record Services Records Retention Schedules Electronic Records Management Trustworthy Information Systems Recent Acquisitions Recordkeeping Metadata Standard Special Projects Contact Us


Powered by Meta Data