The emerging digital economy promises high productivity, low unemployment, and
increased standards of living. However, citizens, companies, or governments will be
unable to fully realize these benefits until individuals can easily and securely authenticate
themselves over the Internet.
Currently, few Americans can do this; that is, they are unable to fully represent
themselves over the Internet in a way that securely tells other people and companies that
they are who they claim to be and allows them to be taken seriously when they state their
intentions. As a result, few companies or governments have developed applications that
could use online authentication; and likewise, since few online applications require
authentication, consumers have little reason to obtain the means to sign documents
digitally. The Progressive Policy Institute (PPI) proposes that state governments should
help jump start this process by providing digital certificates to all citizens who want them
through state Department of Motor Vehicles (DMV) offices.
Just as we couldn't do business of any kind--educational, commercial, or
interpersonal--if everyone walked around under a mask, it will be impossible to take full
advantage of the Internet's power to collect, store, and distribute information, and
therefore conduct various types of transactions, until each of us can authenticate ourselves
online.
Authentication is an issue not unique to the Information Age. Medieval princes
could secure and authenticate their documents with hot wax and a signet ring, ensuring
that the message could not be tampered with without the recipient knowing it. Today,
corporations and governments use official stamps and seals to signify the authenticity of
the documents they issue. Similarly, digital signatures can be used to identify and
authenticate documents and other files transmitted over the Internet.
The analogy between hot wax and signet rings and digital signatures is really
very close. The engraved images on the signet rings were the product of some of that
time's most advanced technology, engraving and metal work. Only the rich and powerful
had access to the tools to ensure the security and privacy of their data transmissions.
While digital signatures are based on an idea similar to the medieval signet
rings, unlike the rings, digital signatures are potentially available to everyone. Using some
of the latest computer and encryption technologies, digital signatures reduce a message to
gibberish when it is tampered with, making it clear that the integrity of the document has
been compromised, and allowing the recipient to disregard it.
Digital signature technology can be used to transfer into cyberspace the same,
or a higher, level of assurance for legal and commercial purposes than has existed in
common law, statutory law, and Uniform Commercial Codes for non-cyberspace
transactions. By unambiguously and definitively establishing that a certain document has
been "signed" by someone--or that someone has stated, indicated, and
memorialized his or her intent to enter into an agreement of some type--digital signature
technology makes it possible for binding transactions that cannot be repudiated to take
place at a distance electronically. In short, digital signature technology enables today's
e-commerce (online retailing) to flower into e-business and e-government (online
transactions of a wide range).
To understand the applications and implications of digital certificates and digital
signatures, it is important to understand what they do and how they do it.
First, think of the digital certificate as a pen used to write a digital signature.
It is a unique digital code--a sequence of letters and numbers--that exists on a person's
computer or smart card and enables online identification. Certificates are provided by
private companies that serve as certificate authorities (CA).
Then, think of a digital signature as the online equivalent to a signature you
write with the pen. It is an encrypted and uniquely identified transmission that is attached
to a signed document that becomes unintelligible if tampered with.
Here's how it works:
A person's digital certificate resides on their computer hard drive (or smart
card). When a user wants to send a secure message or make any kind of online transaction
requiring a digital signature, all he or she needs to do is access their certificate by clicking
the appropriate icon on their Internet browser and entering their unique password.
Employing the user's certificate, the computer will digitally "sign" a digest (an
attachment to the document that the computer encrypts, or scrambles, using the sender's
digital certificate). The signature is then added to the core document along with a
"public key" that enables a certificate authority (CA), a trusted institution
charged with supervising this process, to authenticate the signature.
When the message is received, the recipient checks with the CA to determine
if the public key he or she has received is in fact the proper public key of the person
sending the message. The recipient can then be assured that the message has indeed been
"signed" with the claimed sender's digital signature. All of this, fortunately,
is done by the computers in the background and is invisible to the user.
Using unique digital certificates to create digital signatures also allows both the
sender and recipient to know for certain that the received message is identical to the sent
message and that it hasn't been tampered with between its transmission and receipt.
It is important to note that the use of encryption for authentication does not
raise the same law enforcement policy concerns presented by the use of encryption for
confidentiality since only the digest, and not the message, is encrypted, and because the
digest can be read by anyone using the sender's public key.
Today, virtually all of the approximately $80 billion in annual consumer-based
e-commerce involves transactions that do not require the user to authenticate him or
herself. For example, buying a book from Amazon.com does not require that a person
prove to Amazon that they are who they say they are; it simply requires that they provide
a valid credit card number.
However, for a truly digital economy to fully emerge and provide the kinds of
productivity and standard of living increases that are possible, a host of functions now
conducted in-person or on paper must be able to migrate to cyberspace where transaction
and processing costs will be a fraction of their current levels. For example, applying for
a bank loan by phone costs $5.90, but using the Internet costs 14 cents. Similarly, the cost
of a teller transaction at a bank is $1.07, while online it is one cent, and filing taxes online
is at least 60 percent cheaper than filing paper copies.
A whole host of functions will depend on digital signatures if they are to be
conducted online efficiently and on a widespread basis. These include applying for a loan
or insurance; filing legal documents; applying for a permit, driver's license, passport, or
other official government document; paying taxes; and even voting electronically. In short,
a large share of transactions that now require our signatures for some form of identification
could migrate to cyberspace--but only if digital certificates are in widespread use.
Yet, important as digital certificates and digital signatures are to the full
development of e-business and e-government, they are not yet widely in use or even
widely discussed. Melissa the MacroVirus got more publicity in three days recently than
digital certificates have received in the last three years. The main reason for this is that
the relation between digital certificates and digital signatures is neither self-evident nor
easy to understand. As a result, the media tend to shy away from the subject.
The complexity of these tools and the relative difficulty of obtaining them have
meant that few people have them. Without widespread adoption by consumers, and with
businesses apparently proceeding satisfactorily without them, few companies or
governments have developed applications that could use online authentication. Likewise,
since there are few online applications that require authentication, consumers have little
reason to obtain these certificates. Moreover, putting digital certificates on smart cards (a
credit card-shaped piece of plastic that contains a microprocessor for performing
calculations, and a certain amount of computer memory for storing data) only becomes a
viable proposition if there are sufficient smart card readers in use to attract enough users
to support them. The chicken-and-egg metaphor is the simplest way to describe the
problem. The overall result is the one we confront now: hardly any smart cards or digital
certificates are in use anywhere in the United States.
Nevertheless, increasingly powerful applications will become possible as we
move deeper into the Information Age, and many of them can only be put in place, or put
in place effectively, by using smart cards, digital certificates, and digital signatures.
As powerful and useful as digital signature technology is, there are certain obstacles
standing between where it is now and where it could be. Principally, there is the problem
of properly issuing the digital certificates upon which the entire system depends.
Candidates for digital certificates, like applicants for driver's licenses, passports, or green
cards, need at some point to present themselves before trusted authorities and establish
their identity, either on the basis of a personal relationship with the trusted authority, or
by presenting various types of documents that allow them to receive a digital certificate in
their own name.
Some say that the provision of digital certificates should be completely left to
the private sector. Clearly, the private sector needs to provide the technology, but it can
also do this in partnership with government, the same way the private sector helps the
government accomplish many of its tasks, from supporting a strong national defense to
building roads.
Perhaps the most compelling reason why a government role is necessary for a
robust implementation of digital certificates relates to the very significant economic
benefits derived from breaking out of the chicken-or-egg conundrum faster than market
forces alone are likely to be able to do. In particular, the lack of knowledge of digital
certificates--combined with the cost and inconvenience involved in asking millions of
citizens to present themselves to separate "digital certification" agencies to
establish their identity and apply for a digital certificate--means that the use of digital
certificates will develop only slowly, at best.
Not only will this mean that a host of e-business applications will be slow to
develop, the same will also be true for many e-government applications. Perhaps the
strongest motivation for states to make it easy for citizens to obtain digital certificates is
that these will go a long way in enabling the electronic delivery of government services.
If citizens could use their digital certificates to interact with state and local governments,
the efficiencies resulting from online and electronic transactions would allow government
to more than recoup the costs associated with providing the certificates. For example,
citizens could apply for licenses and permits, file taxes, submit regulatory and other legal
forms, and even vote online. Not only would state and local governments save millions,
but citizen satisfaction with government would increase.
Fortunately, there already exists in every state and almost every community an
agency whose job it is to establish and verify the identity of persons, and to capture that
identity with a picture. This agency collects and stores what those in the identification
business call "biometric indicators," such as height, weight, eye color, and hair
color. They test your vision. They ask for your address. They make sure they know when
you were born.
The Department of Motor Vehicles is already collecting quite enough
information about each person to issue him or her a digital certificate. In fact, one can
argue that it is the DMV that plays the baseline function of establishing authentication in
the physical world. DMVs issue millions of driver's licenses and non-driver identification
cards every year that people use to establish their identity in a myriad of applications.
There is no reason why they shouldn't play this role in the cyber world. In fact, VeriSign,
a leading provider of digital certificates, states: "Think of Digital IDs as the electronic
equivalent of driver's licenses or passports that reside in your Internet browser and e-mail
software." And indeed, the level of technological sophistication of the cards that
embody these licenses varies from state to state. In many states, such as California, these
cards include a magnetic strip, a digitized photo, and a surface hologram, designed to
thwart illegal modification of the card or the data it holds.
Given that state DMVs already have sufficient data to issue digital certificates,
that they already issue cards used for identification, and that they already employ
sophisticated electronic and anti-tampering technologies, these agencies are well positioned
to issue digital certificates as part of their ongoing citizen identification and certification
functions. And since they already carry out their work on a rolling basis, with staggered
renewals of their cards designed to balance the work flow, expanding their role to one of
establishing identity in the cyber world would mean a gradual and smooth introduction
of this technology.
To maximize the usability of such Government-Issued Digital Certificates
(GIDCs), every citizen/customer/user who elects to could receive their driver's license on
a smart card, which in addition to a photo and printed information on its surface, would
also contain a microprocessor and have the capacity to accept and store a digital certificate.
Citizens/users would select their own passwords and--from their own computer at home
or at work, or from a publicly provided one in a school, library or kiosk--generate and
download their own unique digital certificate and private key.
This digital certificate would be a general-purpose digital certificate. There
would also be room in the smart card for the user to allow other institutions, organizations,
and companies to add "cardlets" that would entitle the cardholder to access his
or her HMO records, to download e-cash, or to vote in elections. In order to assure
security, these cardlets would be acquired by the holder on the basis of their general
purpose digital certificate and whatever additional information other organizations or
individuals required for access to specific databases or transaction opportunities.
People without computers could still use the digital certificates in their smart
cards in various offline ways, such as for applying for government permits at a public
computer kiosk. Credit card companies would perhaps become one of the organizations
providing specialized cardlets for the smart cards. The potential of smart cards loaded
with digital certificates to improve access, cut costs, and improve the efficiency of
transactions that individuals conduct in the physical world is significant.
In addition to providing the digital certificate to everyone on his or her driver's
license or smart card, the state could also make the certificate containing the private key
available directly to users to store on their computer(s) at home or at work, or both.
Likewise, this baseline authentication could be used to acquire other certificates
that could be used for other purposes. Just as the driver's license is not the only means of
personal identification, particularly for transactions with greater potential liability, other
digital certificates issued by the private sector would also be used. With both smart cards
and browser-based digital certificates, users would have private passwords that would
prevent others from using their certificates to impersonate them in cyberspace.
As for the risk and liability questions surrounding the issuance and use of
digital certificates in smart cards, there is a "defense in depth" approach that
can effectively address this issue.
To start with, smart card and digital certificate users ("subscribers,"
in the industry jargon) are allowed to make up their own passwords. This reduces their
need to write them down on their card. If they do make this mistake, and if their card is
stolen and used fraudulently, the subscriber is liable, since the card issuer exercised due
diligence in seeing that it would not be misused. However, since the leading digital
certificate system employs a Certificate Revocation List (CRL) technology, once one of their
subscribers reports his or her card lost or missing, it can be revoked immediately, and
anyone trying to use it will not be able to do so. This is like revoking a credit card, only
faster and more certain.
The ability to instantly revoke a certificate also comes into play in the case of
cards that are stolen and then attacked to discover their password. In addition to the
revocation protection, the cards themselves are resistant to forced intrusion. Ten thousand
computers working simultaneously for 22 hours are required to break a 56-bit key. Current
cards employ 128-bit keys, and future versions will feature 256-bit keys, so it will take
much longer to intrude into these--far longer than the time it takes to revoke the card
entirely.
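The signing and verification flow described under "Here's how it works," together with the revocation check discussed above, carried through in Go as an added example that is not part of the paper or of any DMV or vendor system. The CA name, the subscriber name and the permit document are constructed, and an in-memory set of serial numbers stands in for a real Certificate Revocation List.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// Issue certifies pub under signer's key; a nil parent means self-signed, i.e. the CA root.
func Issue(sn int64, name string, pub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(sn), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	if parent == nil {
		parent = t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Sign hashes the document and signs only the digest, as the paper describes; the document itself stays readable.
func Sign(key *ecdsa.PrivateKey, doc []byte) ([]byte, error) {
	d := sha256.Sum256(doc)
	return ecdsa.SignASN1(rand.Reader, key, d[:])
}

// Verify is the recipient's check: the certificate chains to the CA root and is not on the
// revocation list, and the signature matches the digest of the document actually received.
func Verify(root, cert *x509.Certificate, revoked map[string]bool, doc, sig []byte) bool {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil || revoked[cert.SerialNumber.String()] {
		return false
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	d := sha256.Sum256(doc)
	return ok && ecdsa.VerifyASN1(pub, d[:], sig)
}

// Demo runs the flow end to end with constructed names and a constructed document.
func Demo() (honest, tampered, afterRevocation bool) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	root, _ := Issue(1, "Example State DMV CA", &caKey.PublicKey, nil, caKey)
	subKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	cert, _ := Issue(2, "Jane Q. Citizen", &subKey.PublicKey, root, caKey)
	doc := []byte("I apply for a fishing permit for the year 2000.")
	sig, _ := Sign(subKey, doc) // the signed digest travels with the readable document
	honest = Verify(root, cert, nil, doc, sig)
	tampered = Verify(root, cert, nil, []byte("I apply for a hunting permit for the year 2000."), sig)
	revoked := map[string]bool{cert.SerialNumber.String(): true} // card reported lost
	afterRevocation = Verify(root, cert, revoked, doc, sig)
	return honest, tampered, afterRevocation
}
```

Only the digest is signed, so a one-word change to the document breaks verification while the document stays readable to anyone, which is the point made earlier about authentication not raising the concerns of encryption for confidentiality.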
As for the previously mentioned private-sector participation, it makes sense for
each DMV to outsource the actual provision of the digital certificates and the smart cards,
as well as the management of the certificates, to one or more private companies with
established track records in developing, deploying, and managing digital signature
technology. In the same way that state governments hire private companies to supply
copying or phone services, or even today's driver's licenses, they would contract with
established digital signature technology companies to provide the necessary components
required to introduce and maintain the processes that constitute the digital signature
system. Moreover, they could choose whatever parameters and technologies for
authentication they think work best and are most cost-effective. In fact, different states
may use different technologies.
Finally, the fact that DMVs would issue these cards would in no way prevent
individuals who would rather obtain certificates from private providers from doing so.
Rather, it would simply make it easier for individuals to obtain them. In addition, just as
individuals now use multiple forms of identification (such as passports, birth certificates,
and witnesses) for certain transactions--especially more sensitive ones (e.g., papers that
need to be notarized)--some individuals would likely obtain multiple digital certificates
that could be used in combination or individually, with the DMV-issued certificate serving
as a baseline.
Aren't digital certificates a step toward a national ID or a potential threat to privacy?
Personal privacy has long been a core American value, and the proliferation of modern
database technology has done nothing to eliminate this concern. In fact, it has only made
it a more pressing matter. Banks, merchants, HMOs,
and the government all possess a lot of data about us and our habits, a fact that will not
change in the presence or absence of a satisfactory means of issuing digital certificates.
Moreover, obtaining digital certificates from the DMV would be voluntary, and
the state government would not itself serve as the certificate authority or know the
passwords individuals choose to access the certificates. Also, just as driver's licenses are
issued by states and not the federal government, under this proposal states would also
issue digital certificates.
Finally, just as there are some transactions in the physical world that are
anonymous and some that require identification, the same is true in the cyber world.
Through the process of "anonymous authentication"--developed to allow
voters to be authenticated online while maintaining the confidentiality of their electronic
ballots and preventing their choices from being personally associated with them--other
subscribers can also authenticate themselves as necessary while preserving certain aspects
of anonymity in various other types of transactions. It will be important for state and local
government to not require personal identification online when simple authentication will
do. For example, a county may require that someone prove they are a resident before
accessing a database. In this case, a digital certificate would certify only that the person
is a resident without revealing his or her identity. Fortunately, the
technology is flexible enough to easily accomplish this. In addition, DMVs and the private
digital certificate providers should establish a code of privacy that keeps the data they
collect private. Overall, clearly thought out and reasoned government policies should
prove sufficient in most cases to address these and other similar concerns.
It would not be an abrupt change for state DMVs to begin issuing driver's licenses on
smart cards, and to provide the means for each citizen who wants to create and store a
digital certificate on that card. It would be, instead, an incremental modernization which
will set the stage for a rapid advance in efficiency and cost-saving within state government,
for an explosion of e-commerce, and for the facilitation of countless everyday tasks for
every certificate holder.