UIC John Marshall Journal of Information Technology & Privacy Law


With the current reliance on virtual transactions, the actual source and the authenticity of electronic transmissions must be determined. In realizing this need, Utah was the first state to pass legislation regarding the verification of electronic communications. In 1995, the legislature passed the Utah Digital Signature Act (the "Utah Act"), which mandates the creation of certification authorities - cybernotaries. In addition, the Division of Corporation and Commercial Code would administer rules to facilitate the implementation of the Utah Act. Since the codification of the Utah Act, over 35 states and jurisdictions implemented some form of digital or electronic signature legislation, which was either based in part or mimics the Utah Act. However, many provisions of the Utah Act are vague, ambiguous or insufficient to the point that the Act creates doubts as to the law's effectiveness. Ten provisions of the Utah Act diminish the precision and the effectiveness of the statute's ability to regulate certification authorities and to provide adequate guidance and protection for recipients and senders of electronic transmissions. These areas of the statute relate to: the record-keeping system; the requirements for licensing of certification authorities; criminal convictions prohibiting the licensing of a certification authority; the recommended reliance limits; the suitable guaranty; residency requirements for certification authorities; limited liability for certification authorities; the evidentiary presumption of digital signatures; and the reasonable care standard for private key holders. While the Utah Act purports to facilitate commerce through reliable messages, the failure to consider the practical application and implications of these ten provisions places the statute in the unintended position of fostering uncertainties that generate more confusion as to how digital and electronic signature legislation work together. In certain areas, comparing and contrasting the certification authorities to the notary publics, evaluating public policy concerns or examining long-term effects on the perception of digital signatures clearly illustrates Utah's failure to consider many legal and policy issues. The suggestions are a means of increasing the precision of the Utah Act and to allow the statute to resolve uncertainties instead of creating them. Furthermore, by calling attention to the weaknesses of the Utah Act, the author hopes that the states using the Utah Act as a model statute will act accordingly to correct these problems. In essence, without implementing the author's suggested changes, the Utah Act remains confusing, vague and insufficient to address the needs of verification of electronic transmissions in cyberspace. Effective practice and regulation of certification authorities are possible, but the deficiencies of Utah Act must first receive significant attention.