HomeMy WebLinkAboutStaff Report 3994
CITY OF PALO ALTO OFFICE OF THE CITY ATTORNEY
August 5, 2013
The Honorable City Council
Palo Alto, California
Adoption of an Ordinance Authorizing Electronic Signatures on
Documents Used and Accepted by the City of Palo Alto
Recommendation
This ordinance would authorize the use of electronic signatures on City documents while
allowing the City to strike a balance between flexibility and the need for signature security and
integrity.
Executive Summary
The use of electronic signatures on legally-binding documents has become increasingly
prevalent in the private sector, but has yet to find widespread adoption by government
agencies. The benefits of electronic signatures are simple and numerous: they cut down on the
paper, time, and cost associated with transmitting and approving physical documents, and they
can offer an easily accessible audit trail of when documents were modified and when they were
signed.
At a fundamental level, an electronic signature is any electronic symbol that represents an
individual’s acceptance or adoption of a statement or transaction. Thus, an electronic signature
may be as simple as typing a name or checking a box. One common concern with electronic
signatures is the ability to verify the identity of the person affixing the signature. While several
technologies have developed to address this issue, some solutions insert additional,
cumbersome steps into a signature process that may obviate some of the advantages of
accepting electronic signatures.
This ordinance would authorize the use of electronic signatures on City documents while
allowing the City to strike a balance between flexibility and the need for signature security and
integrity. Specifically, this ordinance would: (1) establish that electronic signatures shall be
effective on City documents so long as certain guidelines regarding the security and integrity of
electronic signatures are met; (2) authorize the City Manager to determine the particular
technologies or vendors that presumptively satisfy these guidelines; and (3) authorize the City
Manager to determine the level of security required for various types of documents.
Background
The general legal framework for the use of electronic signatures on electronic records has been
in place for over a decade. In 1999, California adopted a version of the Uniform Electronic
Transactions Act (UETA), guaranteeing that electronic signatures would have the same legal
effect as a “wet” or manual signature. (Civ. Code §§ 1633.1-1633.17.) In 2000, Congress
Page 2
passed the Electronic Signatures in Global and National Commerce Act (E-SIGN Act), mandated
the same treatment of electronic signatures in interstate or foreign commerce. (15 U.S.C.
7001.)
In addition, in 1995, five years before the UETA and E-SIGN Act were adopted, the California
Legislature passed a statute authorizing public entities to accept “digital signatures”1 if and only
if they comply with stringent verification procedures established by the Secretary of State.
(Gov. Code § 16.5.) The Secretary of State adopted regulations in 1998 approving the use of
digital signatures only if they could be verified using Public Key Cryptology (PKI) or Signature
Dynamics technologies. (2 C.C.R. § 22003.) These regulations have not been updated in the
past 15 years.
Unfortunately, both PKI and Signature Dynamics technologies add complexity and expense to
the signature process, eliminating some of the primary advantages of using electronic
signatures. For example, Signature Dynamics technology involves the use of a specialized tablet
and/or stylus to record physical attributes of a signature (e.g. speed and pressure) to verify the
identity of the signer. The additional hardware required to implement Signature Dynamics
renders it impractical in the majority of situations in which electronic signatures may be
attractive. PKI technology requires each party to establish a relationship with a “certification
authority,” which verifies the identity of the signer using a combination of public and private
“keys.” This additional step may be overly burdensome for many individuals and organizations
who have only intermittent interaction with the City.
Although Government Code 16.5 and the California Secretary of State’s regulations set forth
requirements for the use of “digital signatures,” they do not limit the manner in which the City
may use or accept electronic signatures generally. Moreover, as a charter city, Palo Alto retains
plenary authority over municipal affairs, including, for example, procedures and requirements
for entering into purchase contracts.
Discussion
This ordinance would provide assurance that electronic signatures meeting certain security
criteria would be effective on documents accepted by the City notwithstanding the fact that
they do not involve PKI or Signature Dynamics technologies. The ordinance would further
require that the City Manager designate a list of technologies or vendors whose processes
presumptively meet the security criteria of the ordinance. Over the past several months, staff
has researched various electronic signature platforms that offer a high degree of security and
integrity without the burdens associated with PKI or Signature Dynamics technologies. For
example, several vendors offer cloud-based document and signature management systems
featuring multi-factor identity verification (e.g. by email and phone), password protection, or
some other form of identity and signature verification processes. These systems do not require
1 “Digital signature” is a term of art meaning an electronic signature that is accompanied by a unique cryptographic
certificate verifying the identity of the person affixing the signature.
Page 3
that the signer have access to specialized hardware or that the signer establish an account with
a certification authority or any other entity. The relative ease and security offered by these
systems has led to their wide adoption in the private sector as well as by the I.R.S. for certain
tax filings.
At this time, the Administrative Services Department expects to implement a pilot program
offering electronic signatures as an option on purchase and services contracts valued up to
$85,000. While the City Manager may implement this pilot program under the existing
provisions of the Municipal Code,2 this ordinance would codify the City’s policy on electronic
signatures and expand their availability to contexts beyond purchasing. In particular, staff has
identified construction permits, employment forms, and board and commission applications, as
classes of documents for which electronic signatures may provide significant benefits for City
staff and the public.
Finally, this ordinance would allow the City Manager to designate certain classes of documents
for which electronic signatures will be accepted with fewer verification measures. For example,
multi-factor identity verification or password protection will likely require the City to invite a
particular individual to sign a document. While this would streamline the purchasing or
employment processes, it would add unnecessary additional steps to an application to a City
board or commission. Thus, on board and commission applications or other contexts where the
City accepts signed applications or documents from the public generally, a less formal
electronic signature may be more appropriate.
Resource Impact
Adoption of the ordinance would not result in any fiscal impact. There may be costs associated
with the selection and implementation of an electronic signature platform.
Environmental Review
Adoption of the ordinance is not a project subject to environmental review.
ATTACHMENTS:
Attachment A: Ordinance to Authorize Electronic Signatures (PDF)
Department Head: Molly Stump, City Attorney
2 The City Manager and Purchasing Manager may authorize the use of electronic signatures in this pilot program
under the authority delegated in Municipal Code section 2.30.050, allowing the City Manager to implement a
purchasing program and to update the procedures applicable to City purchases from time to time.
Page 4
NOT YET APPROVED
130628 dm 0160027 1
ORDINANCE NO. _____
Ordinance of the Council of the City of Palo Alto Amending Title 2 of the
Palo Alto Municipal Code to Authorize the Use of Electronic Signatures
in Documents Accepted by the City of Palo Alto
The Council of the City of Palo Alto does ORDAIN as follows:
SECTION 1. Findings and Declarations:
(a) Electronic signature technology allows the City of Palo Alto to collect and preserve
signatures on documents quickly, securely, and efficiently.
(b) The California Secretary of State has adopted regulations governing electronic
signatures, which are not suitable for to govern the use of electronic signatures by
the City of Palo Alto.
(c) The conditions under which the City of Palo Alto will accept electronic signatures on
City documents are a municipal affair, wholly within of the City Council to regulate
pursuant to the City Charter.
SECTION 2. Section 2.49.010 (Electronic Signatures) of Chapter 2.49 (Electronic
Signatures) of the Palo Alto Municipal Code is hereby amended to read as follows:
(a) In any document accepted by the City in which a signature is required or used, the
City may authorize the use of an electronic signature, so long as it complies with the
requirements of this section.
(b) The use of an electronic signature shall have the same force and effect as the use of
a “wet” or manual signature if:
(1) The signature is capable of verification;
(2) The signature is under the sole control of the person using it; and
(3) The signature is linked to the data in such a manner that it is readily ascertainable if
the data is changed after the signature is applied.
(c) The City Manager shall determine acceptable technologies and vendors under this
section consistent with industry best practices to ensure the security and integrity of the
data and the signature. The City Manager shall further determine the documents for
which the City will accept electronic signatures.
NOT YET APPROVED
2
SECTION 3. This ordinance shall be effective on the thirty-first day after the date of its
adoption.
INTRODUCED:
PASSED:
AYES:
NOES:
ABSENT:
ABSTENTIONS:
ATTEST:
____________________________ ____________________________
City Clerk Mayor
APPROVED AS TO FORM: APPROVED:
____________________________ ____________________________
City Attorney City Manager
____________________________
Director of Administrative
Services