https://minnesotalawyer.com/statutes/chapter-325k/Recent content in Chapter 325K — Purposes and Construction on MinnesotaLawyer.comHugoen-ushttps://minnesotalawyer.com/statutes/chapter-325k/325k.001/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.001/This chapter is officially called the ‘Minnesota Electronic Authentication Act.’ It sets the rules for digital signatures and the companies that issue digital certificates in Minnesota.https://minnesotalawyer.com/statutes/chapter-325k/325k.01/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.01/This section defines all the key terms used in the Electronic Authentication Act. It covers terms like ‘digital signature,’ ‘certificate,’ ‘certification authority,’ ‘private key,’ ‘public key,’ and many others. These definitions explain the technical and legal vocabulary needed to understand the rest of the chapter.https://minnesotalawyer.com/statutes/chapter-325k/325k.02/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.02/This section states the goals of the Electronic Authentication Act. The law aims to make electronic commerce more reliable, prevent forged digital signatures, follow international standards, and create uniform rules across states for authenticating electronic messages.https://minnesotalawyer.com/statutes/chapter-325k/325k.03/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.03/The Minnesota Secretary of State serves as a certification authority and oversees the digital signature system. The Secretary issues, suspends, and revokes certificates for license applicants and government entities. The Secretary must maintain a public online database of certification authority records and adopt rules governing licensed certification authorities.https://minnesotalawyer.com/statutes/chapter-325k/325k.04/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.04/The Secretary of State sets fees for all services under this chapter. The fees must be enough to cover the costs of running the digital signature program. All fees go into a special ‘digital signature account’ in the state’s revenue fund and are used to pay for the Secretary’s services.https://minnesotalawyer.com/statutes/chapter-325k/325k.05/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.05/Companies that want to issue digital certificates in Minnesota must get a license from the Secretary of State. To qualify, they must use trusted systems, employ only people without recent felony convictions, meet financial requirements, and carry a bond or other security. The section also sets requirements for license applications, renewals, and the disclosure records that certification authorities must maintain publicly.https://minnesotalawyer.com/statutes/chapter-325k/325k.06/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.06/Every licensed certification authority in Minnesota must be audited by a certified public accountant with computer security expertise at least once each year. The auditor rates the certification authority as in full compliance, substantial compliance, or non-compliance. The audit results must be filed with the Secretary of State, and the Secretary can take enforcement action if compliance problems are found.https://minnesotalawyer.com/statutes/chapter-325k/325k.07/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.07/The Secretary of State has the power to investigate certified authorities, issue compliance orders, suspend or revoke licenses, and assess civil penalties of up to $25,000 per violation. The Secretary can also seek court-ordered injunctions to stop violations. These enforcement tools give the Secretary real power to protect the integrity of the digital signature system.https://minnesotalawyer.com/statutes/chapter-325k/325k.08/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.08/This section prohibits all certification authorities—licensed or not—from running their business in ways that create unreasonable risks of loss for subscribers or people who rely on their certificates. The Secretary of State can seek court orders to stop dangerous practices even against unlicensed certification authorities. However, only the Secretary can bring an action under this specific provision, not private individuals.https://minnesotalawyer.com/statutes/chapter-325k/325k.09/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.09/This section requires licensed certification authorities and their subscribers to use only ’trustworthy systems’ when issuing, suspending, or revoking certificates, providing notice of those actions, and creating private keys. A trustworthy system is one that is reasonably secure from intrusion and misuse, and that provides reasonable levels of availability and reliability. This section is the technical security foundation of the certification system.https://minnesotalawyer.com/statutes/chapter-325k/325k.10/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.10/Before a licensed certification authority can issue a digital certificate, it must verify the applicant’s identity in person, confirm that the applicant controls the private key that matches the public key in the certificate, and publish the certificate in a recognized repository. The section also sets rules for what information must be included in each certificate. These requirements ensure that certificates actually link a real, verified person to a specific public key.https://minnesotalawyer.com/statutes/chapter-325k/325k.11/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.11/When a certification authority issues a certificate, it makes legally binding promises to the subscriber: that the certificate contains no false information, that it meets all legal requirements, and that the authority has not exceeded its license limits. The certification authority also makes promises to people who rely on the certificate in good faith. These warranties cannot be disclaimed in the fine print.https://minnesotalawyer.com/statutes/chapter-325k/325k.12/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.12/When a person or organization accepts a digital certificate for use, they make legal representations—including that they rightfully hold the private key associated with the certificate and that the information in the certificate is accurate. Subscribers also have ongoing duties to keep their private keys secure and to promptly request suspension or revocation of the certificate if the key is compromised. These duties are the counterpart to the certification authority’s obligations.https://minnesotalawyer.com/statutes/chapter-325k/325k.13/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.13/Subscribers must keep their private keys under their sole control and must not share or disclose the private key to others. If a subscriber discovers or has reason to believe that their private key has been stolen, compromised, or is no longer trustworthy, they must immediately request that the certification authority suspend or revoke the certificate. Continuing to use a certificate after learning the key is compromised is a violation of this chapter.https://minnesotalawyer.com/statutes/chapter-325k/325k.14/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.14/A certification authority can temporarily suspend a digital certificate for up to 96 hours when there is reason to believe the private key may be compromised, or when ordered to do so by the subscriber or someone with authority over the subscriber. During suspension the certificate cannot be used for valid digital signatures. The certification authority must promptly publish notice of the suspension and must either revoke or reinstate the certificate within the 96-hour period.https://minnesotalawyer.com/statutes/chapter-325k/325k.15/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.15/Certificate revocation permanently cancels a digital certificate so it can no longer be used to create valid signatures. A certificate can be revoked upon request of the subscriber, upon court order, or when the certification authority determines that the certificate was issued improperly or that its continued use would pose a security risk. The certification authority must publish notice of revocation immediately, and the revocation takes effect when published. Revocation is permanent and cannot be undone.https://minnesotalawyer.com/statutes/chapter-325k/325k.16/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.16/Every digital certificate must have an expiration date set by the certification authority. When the expiration date arrives, the certificate automatically becomes invalid, just as if it had been revoked. A certification authority must publish notice in a recognized repository when a certificate expires. Certificates can be issued for a maximum operational period set by the Secretary of State’s rules.https://minnesotalawyer.com/statutes/chapter-325k/325k.17/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.17/A certification authority and subscriber can include a ‘recommended reliance limit’ in a digital certificate, which tells third parties the maximum dollar amount of transactions they should rely on that certificate for. If someone relies on the certificate for a transaction larger than the recommended limit, they assume the additional risk. This is a way to manage liability exposure for both the certification authority and the subscriber.https://minnesotalawyer.com/statutes/chapter-325k/325k.18/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.18/This section describes how people harmed by a certification authority’s failure can make claims against the authority’s bond or letter of credit. When a certification authority causes losses through improper certificate issuance or other failures, the financial security it posted can be used to compensate victims. The section sets out the process for making and resolving such claims, including priorities among multiple claimants if the fund is not large enough to cover everyone.https://minnesotalawyer.com/statutes/chapter-325k/325k.19/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.19/This section establishes that a digital signature legally satisfies any requirement for a written signature, as long as the digital signature meets the requirements of this chapter. A properly created digital signature has the same legal effect as signing a paper document by hand. The section also applies to government records and documents signed by public officials.https://minnesotalawyer.com/statutes/chapter-325k/325k.20/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.20/If someone relies on a digital signature that turns out to be forged or unreliable, and that reliance was not reasonable under the circumstances, the person who relied on it assumes the risk of loss. There is no duty to accept or respond to a digitally signed message. If someone decides not to rely on a digital signature, they must promptly tell the signer why.https://minnesotalawyer.com/statutes/chapter-325k/325k.21/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.21/This section gives digital signatures the same legal force as written documents signed on paper. A message that bears a digital signature and meets the requirements of this chapter is just as valid, enforceable, and effective as if it had been written and signed on paper. The section makes clear that courts and parties must treat properly digitally signed electronic messages the same as paper documents.https://minnesotalawyer.com/statutes/chapter-325k/325k.22/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.22/A copy of a digitally signed message is just as legally valid as the original, unless the signer specifically designated one instance as the unique original. This is similar to how a photocopy of a written contract is generally treated as equivalent to the original. If the signer wants to create a unique original—such as for a negotiable instrument—they must clearly say so in the document.https://minnesotalawyer.com/statutes/chapter-325k/325k.23/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.23/This section allows digital signatures to serve as the equivalent of a formal acknowledgment (notarization) when they meet certain requirements. A licensed notary public can use a digital signature to acknowledge documents electronically, and a certification authority can issue a certificate confirming that a digital signature constitutes an acknowledgment. These digital acknowledgments have the same legal effect as a traditional notarized signature.https://minnesotalawyer.com/statutes/chapter-325k/325k.24/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.24/This section sets out legal presumptions that apply when courts resolve disputes about digital signatures. When a digital signature is verified using the public key listed in a valid certificate from a licensed certification authority, the court must presume that the signature was created by the person named in the certificate. The section also allocates liability between certification authorities, subscribers, and relying parties when something goes wrong.https://minnesotalawyer.com/statutes/chapter-325k/325k.25/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.25/This section sets the requirements for ‘recognized repositories’—public databases where information about certificates, including their status and revocation, is stored and made available. The Secretary of State can recognize repositories that meet the legal requirements. A recognized repository is the authorized place for certification authorities to publish certificate information so that relying parties can check certificate status.https://minnesotalawyer.com/statutes/chapter-325k/325k.26/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.26/This section gives the Secretary of State authority to adopt administrative rules to carry out the Electronic Authentication Act. Rules must be adopted through the standard rulemaking process and can address any aspect of the chapter, including technical standards, licensing requirements, fees, and procedures. Rules adopted under this authority have the force of law.https://minnesotalawyer.com/statutes/chapter-325k/325k.27/Mon, 01 Jan 0001 00:00:00 +0000https://minnesotalawyer.com/statutes/chapter-325k/325k.27/This section makes clear that the Electronic Authentication Act does not limit the authority of the Minnesota Supreme Court to adopt court rules about the use of electronic signatures and documents in court proceedings. The Legislature wanted to make clear that the courts retain their separate authority to regulate their own procedures. Both this chapter and any court rules can apply, depending on the context.