The Electronic Commerce Act (N.C.G.S. 66-58.1) passed in 1998. “The purpose of this Article is to facilitate electronic commerce with public agencies and regulate the application of electronic signatures when used in commerce with public agencies.”

The law is enabling in the sense that North Carolina agencies and governments, whether or not they possess other authority to use electronic signatures, can use electronic signatures if they comply with the Electronic Commerce Act and the implementing rules.

The law facilitates electronic commerce by and with state agencies. It authorizes agencies’ electronic signature use when they are not otherwise enabled. It charges the Department of the Secretary of State to  develop implementing rules.

The Secretary of State, through the Electronic Commerce Act and implementing rules, facilitates agency electronic signing. The Act is enabling legislation.  An agency might use the act authority when it recognizes the inherent strength of the signature solution(s) available, when it wants the structure and protection afforded by the act or when no other agency authority for electronic signature exists.

The NC Electronic Commerce Act does not apply to transactions between private parties. Business-to-business, private-to-private and similar transactions, where public agencies are not parties, are not affected by the Act or implementing rules. Generally speaking, the Federal “Electronic Signatures in Global and National Commerce ”Act (“E-Sign”) (15 USC 7020) allows private parties to decide how electronic signatures affect their business processes. North Carolina agencies turn to the North Carolina General Statutes for authority; E-Sign gives states, as market place participants, authority to define their electronic signature behavior.

The E-Commerce Act’s electronic signature criteria and solution described by the implementing rules assure high process and result integrity. Substantial technology, facility physical security, operating personnel and operating procedure security expectations characterize the solution. Tight and unique signer to signature (signer to digital certificate) binding is a solution characteristic and is typical of high  reliability solutions; the tight binding occurs through signer identification, authentication and controls on certificate issuance. 

Electronic signatures with security performance characteristics superior to the public key methodology identified in the E-Commerce Act implementing rules may evolve but none are now known. The Electronic Commerce Act and  implementing rules are designed to accommodate alternative technologies if they satisfy the Act’s demanding signature criteria.

Electronic signatures, per NCGS 66-58.1(1), are expected to be:

  • unique to the person using it;
  • capable of certification;
  • under sole control of the person using it;
  • linked to data in such a manner that if the data are changed, the electronic signature is invalidated; and
  • conforming with rules adopted by the Secretary of State.

An electronic signature deriving authority from NCGS 66-58.1(1) must conform to expectations a. though e.

Only digital electronic signatures currently comply with the act. No other electronic signature provides digital signature security features and strength.

Electronic signatures deriving authority elsewhere may not have to comply with these expectations of the Electronic Commerce Act. However, electronic signatures with highest degree of dependability, security, reproducibility and verifiability (“provability”) are difficult to achieve outside expectations a. through d. (above). The generally accepted electronic signature goals of authenticity, integrity, non-repudiation and privacy (where pertinent) can be achieved with high confidence using digital signatures in a public key infrastructure; the same is not true for alternative electronic signature technologies.

Decision Model

The Electronic / Digital Signature Decision Model Flow Chart may give context for decision-making.  With little prose, this model may help you decide on a course of action. If your circumstances do not fit this model well, the model can be a point of departure for your own model.

Authority for Electronic Signature

Your agency is likely to be affected, at least when planning, by three laws bearing on electronic signature. The NC Electronic Commerce Act, The North Carolina Uniform Electronic Transactions Act and the Federal Electronic Signatures in Global and National Commerce Act likely affect your agency; a look at some characteristics of these laws  may be useful.It is possible other law affects your agency; your agency may have other authority for signature and electronic signature.  

Links 

NC Electronic Commerce Act N.C.G.S. § 66-58.1

North Carolina Uniform Electronic Transaction Act N.C.G.S. § 66-311

The Federal Electronic Signatures in Global and National Commerce Act;