Energy industry to adopt digital signatures

Giving digital signatures their biggest endorsement to date, energy giants such as Entergy Corp. and American Electric Power Co. Inc. plan to convert to a new digital certificate using newly developed signature specifications as part of every power trade they make.

Digital Signature Trust LLC (DST) in Salt Lake City will introduce the new certificates May 6.

Already, many of the energy industry’s leading companies have plans in place to adopt the new technology. Alan Thornton, staff engineer at Entergy in New Orleans, said his company will begin its migration to the new certificates May 13 and that it will require all trading partners who want to use its transmission lines to conform to the new standards by the end of June.

“While it will require some change, we think it will ultimately be easier to use and provide better security,” he said, adding that the certificates currently used in the industry can be difficult to update and aren’t current with the latest encryption techniques.

Others preparing to accept the new certificates include American Electric Power in Columbus, Ohio, and UBS Warburg Energy in Houston, which earlier this year acquired the energy trading business of Enron Corp.

Those three companies alone engage in billions of dollars’ worth of online trades every year and will give digital signatures a push unlike anything seen in private industry to date. In December, 15 banks began a digital signature pilot program as part of an effort to clear electronic payments in one day as opposed to the three days currently required.

Alan Davidson, director of energy services at DST, said digital signatures that conform to standards recently submitted to the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF) will be required for every online trade once companies such as Entergy begin using the technology.

The certificates will be awarded to individual employees of energy trading companies for US$175 a piece and will be valid for a year after issuance. Every time a certified individual makes a trade, the trading systems will check DST’s database to verify they’re conducting business with a reputable party.

Thornton said that beyond security, the new signatures, which use browser-based links to DST’s public-key infrastructure, will also be an improvement over the current system, in which authentication software must be loaded onto individual workstations.

The new certificates also comply with draft authentication procedures submitted to the North American Energy and Reliability Council, which sets standard trading practices for the energy industry.

Lawyer Tom Smedinghoff, a partner at Baker & McKenzie in Chicago, believes that governmental and industry association regulations are ultimately what will drive digital signature adoption. But simplicity will be a critical incentive to potential users, he added.

“I’ve been involved with limited digital signatures initiatives in the pharmaceutical and financial industries, and the technology complexity and the legal complexity are sometimes formidable,” he said.

While many business and IT managers might have expected rapid adoption of digital signatures after the federal government approved legislation in 2000 to permit their use, the technology to do it wasn’t in place, said Joseph Reagle, co-chairman of the W3C/IETF XML signatures working group, which published its draft standards in February.

“We had to figure how to assign parts of XML documents while making sure we didn’t compromise the data integrity,” he said. “That took a significant amount of work and effort.”