The next boom in e-commerce will not come because servers scale better or software handles more transactions per second. More likely, it will come from the US Congress.

So say many observers watching the Millennium Digital Commerce Act grind through the legislature on its way to becoming law.

The law -- along with nearly two dozen other pending bills involving electronic signatures -- would make digital signatures as legally binding as "wet" ink signatures. And if businesses have a legal backing for accepting and giving out digital signatures, they can open up e-commerce to larger and more sensitive types of transactions.

"It would help," said Jeff Uslan, manager of security for 20th Century Fox, adding that business-to-business commerce relationships are merely cursory compared with what could be done with digital signatures. "We're waiting for digital signatures to pan out. There's another wave of e-commerce that will be opened up by them."

But the work is far from complete. Congress hoped to pass the digital commerce bill by US holiday Memorial Day, but a committee meeting late this week shelved it until after the holiday. Still, at least one source involved with the bill said it will be taken up again next week.

A step toward legitimacy
If the law passes, digital signatures would replace ink signatures in many instances at Ruesch International, said Ron Szoc, senior vice president at the international financial services company.

"The bill is the first step toward legitimising the use of digital signatures in electronic commerce," said Szoc, whose company does electronic transactions of up to US$2 million.

Technology vendors are eager for the legislation, too, since it would ease some sites' fears about adopting new technology for critical applications such as e-commerce.

"People are just dying to use digital signature technology -- but they're eager to be second," said Patty Edfors, director of government operations for Baltimore Technologies, in Dublin and founder of the Federal Public Key Infrastructure Steering Committee, which represents PKI vendors in security initiatives. "They want someone else to set the precedent, to prove it, to tackle the legal issues. [This act] would automatically make the entire concept valid. Wholesale e-commerce deployments are waiting for this."

Electronic signatures are actually mathematical equations combined with strong authentication and nonrepudiation techniques to ensure that the signature is unique, that it's from the person it's supposed to be from and that there's no way for that person to deny he or she "signed" the document.

Act builds on standards
The key to the acceptance of the Millennium Digital Commerce Act, according to Edfors and others, is that it doesn't try to define digital signature legality from the ground up. Instead, it's based on existing standards and work of the 18 states that have such legislation in place or pending, as well as principles formed by the United Nations and the executive branch of the government.

The US Senate and House versions of the bill (S. 761 and HR 1714, respectively) in essence corral the myriad work already done into a standard for interstate and global e-commerce.

Stuart Cohen, manager of systems and security at Children's Hospital in Boston, said he believes the law could help him convince hospital executives that the immediate, low-cost distribution of the Internet has the proper safeguards in place to justify electronic transactions of highly sensitive health care data.

"If they can make the technology deliver what the law requires, and prove it, that would go a long way to validating digital transactions in the minds of senior managers," Cohen said. "Suddenly you'd have an acceptable technology."

Dave Williams, chief technology officer of Retail Solutions, a data warehousing hosting company for the retail industry, also wants the law passed.

"I'm a big fan of change, and this would create huge advantages," Williams said. "Just yesterday I needed a signature on a document by today, so I had to e-mail a PDF [Portable Document Format] file to the customer, tell them to make two copies, sign one and send it back to me overnight." But there's also a potential "dark side" that gives technologists such as Williams pause. "There's no such thing as noncopyable digital anything," he said. "You see what hackers can pull off, so the technology has to address the 'proving it' part."

Szoc, of Ruesch International, also said the law would have to get more specific on matters of credentials and nonrepudiation. Therein lies a political dark side, too, according to some who say the bill is a good start but still needs work.

A federal law would trample on state jurisdiction in many cases, predicted Dan Greenwood, special counsel on e-commerce to the commonwealth of Massachusetts.

While Greenwood favours laws that are noncommittal about technology, in some cases he believes more specific definitions of technology used in electronic signaturing must be delineated. He called the law "aggressively noncommittal on what technology to employ, which in some cases creates more problems than solutions."

Overall, however, the bill "is a good thing," Greenwood said. "We should answer the question, 'Is a digital signature valid?' This body of law will do that."

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.