Primary navigation

    Opinion Library

    To return to this list after selecting an opinion, click on the "View entire list" link above the opinion title.

    RSS feed

    Advisory Opinion 98-013

    March 20, 1998; Minnesota Secretary of State

    3/20/1998 10:15:43 AM

    This is an opinion of the Commissioner of Administration issued pursuant to section 13.072 of Minnesota Statutes, Chapter 13 - the Minnesota Government Data Practices Act. It is based on the facts and information available to the Commissioner as described below.


    Facts and Procedural History:

    For purposes of simplification, the information presented by the person who requested this opinion and the response from the government entity with which the person disagrees are presented in summary form. Copies of the complete submissions are on file at the offices of PIPA and, with the exception of any data classified as not public, are available for public access.

    On January 30, 1998, the Commissioner received a letter dated January 29, 1998, from Joan Growe, Secretary of State, State of Minnesota. In her letter, Secretary Growe requested that the Commissioner issue an advisory opinion regarding the classification of certain data maintained by the Office of the Secretary of State.

    A summary of the facts surrounding this matter is as follows. In her letter, Secretary Growe wrote:

    Digital signature technology is authorized in Minnesota Statutes chapter 325K and is the technological equivalent of an ink signature on a piece of paper. When using digital signature technology, a state employee would possess a private key which is part of the key pair needed to confirm that state employee's identity. The control of the private key and the preservation of its confidentiality is critical to the success of digital signature technology.

    The private key is generally used to sign an electronic message. The message is then sent via the Internet or some other means of telecommunication to the recipient who uses the sender's public key to verify the sender's identity and that the message has not been altered since it was signed.

    Verification occurs by checking a certification authority, licensed by the secretary, to find the public key which has been tied to the sender. The public and private keys are part of a key pair and each set is unique.

    Without preserving the integrity of the private key, the entire methodology supporting digital signatures does not work.

    Digital signatures are important to government in that they permit many transactions to occur over the Internet or other network in an electronic format. Delivery of documents is quicker and routine transactions such as purchase orders do not need to be committed to paper. Without the certainty that private keys in the hands of government employees are protected under the Minnesota Government Data Practices Act, there will be reluctance to use this technology.

    Issue:

    In her request for an opinion, Secretary Growe asked the Commissioner to address the following issue:

    What is the classification of the following data maintained by the Office of the Minnesota Secretary of State: private keys from key pairs used by state and other government employees to digitally sign electronic messages?

    Discussion:

    The enabling legislation for digital signature technology is found at Minnesota Statutes Chapter 325K. The Office of the Secretary of State, in addition to other government entities, might possess private keys. Private keys are integral to securing the electronic transmittal of data; the pairing of a private key with its corresponding public key is used to verify the signature accompanying the data. The Commissioner agrees with Secretary Growe that unless government entities can preserve the integrity of the private keys, the methodology supporting digital signatures will not work.

    Although Chapter 13 does not contain a provision specifically classifying private keys as not public data, it is the Commissioner's opinion that private keys are security information and are protected under Section 13.37. Subdivision 1 (a) of Section 13.37 defines security information as government data the disclosure of which would be likely to substantially jeopardize the security of information, possessions, individuals or property against theft, tampering, improper use, attempted escape, illegal disclosure, trespass, or physical injury. Section 13.37, subdivision 2, classifies security information about individuals as private and security information not about individuals as nonpublic.

    Private keys are data the disclosure of which would be likely to substantially jeopardize the security of information . . . against theft, tampering, improper use . . . Therefore, they are classified as not public data, pursuant to Section 13.37.

    Opinion:

    Based on the facts and information provided, my opinion on the issue raised by Secretary Growe is as follows:

    Private keys from key pairs maintained by the Office of the Minnesota Secretary of State used by state and other government employees to digitally sign electronic messages are private data.

    Signed:

    Elaine S. Hansen
    Commissioner

    Dated: March 20, 1998


    Security information

    Digital signature technology (private keys)

    Digital signature technology

    back to top