Go to the Main Laws page

U. S. DEPARTMENT OF TRANSPORTATION (DOT)

The Department of Transportation was established by an act of Congress on October 15, 1966, the Department’s first official day of operation was April 1, 1967. The mission of the Department is to:

Serve the United States by ensuring a fast, safe, efficient, accessible and convenient transportation system that meets our vital national interests and enhances the quality of life of the American people, today and into the future.

FEDERAL RAILROAD ADMINISTRATION (FRA)

The Federal Railroad Administration (FRA) promotes safe and environmentally sound rail transportation. With the responsibility of ensuring railroad safety throughout the nation, the FRA employs safety inspectors to monitor railroad compliance with federally mandated safety standards including track maintenance, inspection standards and operating practices. The FRA conducts research and development tests to evaluate projects in support of its safety mission and to enhance the railroad system as a national transportation resource. Public education campaigns on highway-rail grade crossing safety and the danger of trespassing on rail property are also administered by FRA.

49 CFR : Transportation
PART 213—TRACK SAFETY STANDARDS Subpart F—Inspection

§ 213.241 Inspection records.

Link to an amendment published at 70 FR 66298, Nov. 2, 2005.

(e) For purposes of compliance with the requirements of this section, an owner of track may maintain and transfer records through electronic transmission, storage, and retrieval provided that—

(1) The electronic system be designed so that the integrity of each record is maintained through appropriate levels of security such as recognition of an electronic signature, or other means, which uniquely identify the initiating person as the author of that record. No two persons shall have the same electronic identity;

Using secure usernames and passwords that are unique to each user is critical.

(2) The electronic storage of each record shall be initiated by the person making the inspection within 24 hours following the completion of that inspection;

Storing all files for a minimum of amount of time is important for all federal ESIGN regulations. Users will then have enough time to downloaded file to their computer, saved to a portable medium (CD, DVD or others) or even printed to paper.

Allowing any file type to be electronically signed increases the availablity of the electronic record as described in Section 8 and gives each business the ability to select the best electronic format for their clients.

(3) The electronic system shall ensure that each record cannot be modified in any way, or replaced, once the record is transmitted and stored;

File Integrity Hashes that can be used by all parties to the electronic record to verify that no changes or errors have occurred helps users to comply with (3).

 

U. S. FEDERAL AVIATION ADMINISTRATION (FAA)

The FAA is responsible for the safety of civil aviation. The Federal Aviation Act of 1958 created the agency under the name Federal Aviation Agency. The FAA adopted the present name in 1967 when we became a part of the Department of Transportation. Their major roles include:

• Regulating civil aviation to promote safety
• Encouraging and developing civil aeronautics, including new aviation technology
• Developing and operating a system of air traffic control and navigation for both civil and military aircraft
• Researching and developing the National Airspace System and civil aeronautics
• Developing and carrying out programs to control aircraft noise and other environmental effects of civil aviation
• Regulating U.S. commercial space transportation

Acceptance and Use of Electronic Signatures, Electronic Recordkeeping Systems, and Electronic Manuals (online here)

e. Electronic Signature. The online equivalent of a handwritten signature. It is an electronic sound, symbol, or process attached to or logically associated with a contract or other record and executed or adopted by an individual. It electronically identifies and authenticates an individual entering, verifying, or auditing computer-based records. An electronic signature combines cryptographic functions of digital signatures with the image of an individual’s handwritten signature or some other visible mark considered acceptable in a traditional signing process. It authenticates data with a hash algorithm and provides permanent, secure user-authentication.

5. What is an acceptable electronic signature?

a. General. Before recent changes to permit the use of electronic signatures, handwritten signatures were used on any required record, record entry, or document. The electronic signature’s purpose is identical to that of a handwritten signature or any other form of signature currently accepted by the FAA. The handwritten signature is universally accepted because it has certain qualities and attributes (e.g., subparagraph c(4)(d) below concerning employee termination) that should be preserved in any electronic signature. Therefore, an electronic signature should possess those qualities and attributes that guarantee a handwritten signature’s authenticity.

b. Forms of Electronic Signatures.

• • A digital signature
  • A digitized image of a paper signature
  • A typed notation
  • An electronic code
  • Any other unique form of individual identification that can be used as a means of authenticating a record, record entry, or document

(1) An electronic signature may be in the following forms.

 

(4) Signature Security. The security of an individual’s handwritten signature is maintained by ensuring that it is difficult for another individual to duplicate or alter it. An electronic signature should maintain an equivalent level of security. An electronic system that produces signatures should restrict other individuals from affixing another individual’s signature to a record, record entry, or document. Such a system enhances safety by preventing an unauthorized individual from certifying required documents, such as an airworthiness release.

Using File Integrity Hashes, that can be used
by all parties to the electronic record, helps to verify that no changes or errors
have occurred.

(5) Non-repudiation. An electronic signature should prevent a signatory from denying that he or she affixed a signature to a specific record, record entry, or document.

These are definitions of authentication and identification in direct connection to repudiation of the signatory. These two concepts go hand in hand. The stronger your authentication methods are, the less risk you have regarding non-repudiation. It is best to authenticate
the user yourself. After all it is your client or business partner you are signing the file with and you know if Steve is Steve, or if he is really someone else.

As was stated in (4), misrepresentation is not exclusive to the electronic world, as a person could walk into your office and sign a document, claiming to be someone they are not. This requires businesses to establish authentication based on things they know. A business is really seeking a way to make the signature capturing process an extension of their current business process.

By issuing the appropriate licenses directly to your client, as opposed to using third party vendor verification, the user can help to strengthen the case against repudiation. One assumes you know your client or business partner and therefore your authentication of their identity through a recognized email address, phone number and IP address is inherently more compelling than a third party vendor verification that you have never seen. Use secure usernames, passwords and email based ID to controll access to the files and signature to only authorized users.