BILL ANALYSIS �Ó
AB 1238
Page 1
Date of Hearing: January 12, 2016
ASSEMBLY COMMITTEE ON HEALTH
Rob Bonta, Chair
AB 1238
(Linder) - As Amended April 20, 2015
SUBJECT: Certified copies of marriage, birth, and death
certificates: electronic application.
SUMMARY: Authorizes the State Registrar, a local registrar, or
a county recorder to accept an electronic request for a
marriage, birth, or death certificate if the requestor attests,
under penalty of perjury, they are an authorized person.
Requires the request to provide a method for the official to
establish the identity of the requester electronically.
Specifically, this bill:
1)Authorizes the State Registrar, or a local registrar or county
recorder to accept electronic acknowledgement, sworn under
penalty of perjury, that the requester of a marriage, birth,
or death certificate is an authorized person.
2)Requires, if the request is accepted electronically, the
request process to provide a method for the official to
establish the identity of the requester electronically. The
method to process electronic requests and to establish the
requester's identity would be required to comply with the
provisions of the California Uniform Electronic Transactions
�
AB 1238
Page 2
Act and all other applicable state and federal laws and
regulations to protect the personal information of the
requester and guard against identity theft.
3)Includes a cross reference to Penal Code Section 530.5 which
provides that it is a crime to willfully obtain the personal
identifying information, as defined, of another person and use
that information for any unlawful purpose.
EXISTING LAW:
1)Charges the Office of Vital Records with the responsibility of
maintaining a uniform system for registration and a permanent
central registry with a comprehensive and continuous index for
all birth, death, fetal death, marriage, and dissolution
certificates registered for vital events which occur in
California.
2)Allows the State Registrar, local registrar, or county
recorder to furnish a certified copy of birth, death, or
marriage to applicants upon request if:
a) The request is written, faxed, or a digitized image and
accompanied by a notarized statement that is written,
faxed, or a digitized image, sworn under penalty of
perjury, that the requester is an authorized person, as
defined; or,
b) The request is made in person, and the official takes a
�
AB 1238
Page 3
statement, sworn under penalty of perjury, that the
requester is signing his or her own legal name and is an
"authorized person."
3)Defines "authorized person," for purposes of obtaining
certified copies of birth, death, or marriage records, as any
of the following:
a) The person who is the subject of the record or the
parent or legal guardian of that person;
b) A party who is entitled to receive the record as a
result of a court order;
c) Law enforcement or governmental agency personnel
conducting official business;
d) A child, grandchild, sibling, spouse, domestic partner,
or grandparent of the person who is the subject of the
record;
e) An attorney or other person empowered to act on behalf
of the person who is the subject of the record; or,
f) An agent or employee of a funeral establishment who
orders death certificates when acting on behalf of
specified individuals.
�
AB 1238
Page 4
4)Provides that, in all other cases in which the requester does
not meet the requirements of an authorized person, a certified
copy may be provided to the requester but the document shall
be an informational certified copy and shall be redacted to
remove any signatures that appear on the document. Requires
the certified copy to contain the statement "INFORMATIONAL,
NOT A VALID DOCUMENT TO ESTABLISH IDENTITY."
FISCAL EFFECT: This bill has not been analyzed by a fiscal
committee.
COMMENTS:
1)PURPOSE OF THIS BILL. According to the author, individuals
seeking vital records in California suffer longer wait times
and pay significantly higher fees than individuals seeking
records in most other states due to outdated statutes that
govern vital records request policies. The author states that
county and local staff are significantly burdened by current
policies that dictate that a vital records request may only be
partially competed online, followed by a notarized affidavit
submitted on paper. This hybrid system of online requesting
means, practically, that a vital records request cannot be
processed without thousands of hours of county staff time
wasted because staff must manually attach related documents
for each individual request as supporting documentation is
submitted. The author further asserts that California's
policies are drastically out of step with national trends to
increase access to vital government services through online
technologies, as 34 other states and 171 local jurisdictions
allow for digital authentication of vital records requests
online as a standard matter of practice.
2)BACKGROUND. The Office of Vital Records is charged with the
responsibility of maintaining a uniform system for
�
AB 1238
Page 5
registration and a permanent central registry with a
comprehensive and continuous index for all birth, death, fetal
death, marriage, and dissolution certificates registered for
vital events which occur in California. Certified copies of
these records are available from the State Registrar, the 58
county recorders, and 61 local health jurisdictions.
3)CALIFORNIA UNIFORM TRANSACTIONS ACT. This bill would require
the electronic request for a vital record to provide a method
for the official to establish the identity of the requester
electronically. The method established to process electronic
requests and establish the requester's identity would be
required to comply with the provisions of the California
Uniform Electronic Transactions Act (Act). The purpose of the
Act is to standardize state laws regarding retention of paper
records (namely checks) and electronic signatures, in an
effort to facilitate the validity of electronic contracts and
transactions.
The Act, however, does little in the way of providing security
against fraud. It allows for electronic notarization of
signatures and provides that the requirement of an electronic
signature under penalty of perjury is satisfied if the
"electronic record includes, in addition to the electronic
signature, all of the information as to which the declaration
pertains together with a declaration under penalty of perjury
by the person who submits the electronic signature that the
information is true and correct." Further, the Act does not
require any standard of security, but merely defines a
"security procedure" as a procedure employed for the purpose
of verifying that an electronic signature, record, or
performance is that of a specific person or for detecting
changes or errors in the information in an electronic record.
The procedure should include the use of algorithms or other
�
AB 1238
Page 6
codes, identifying words or numbers, encryption, or callback
or other acknowledgment procedures."
4)ELECTRONIC AUTHENTICATION GUIDELINES. Electronic
authentication (e-authentication) is the process of
establishing confidence in user identities electronically
presented to an information system. E-authentication presents
a technical challenge when this process involves the remote
authentication of individual people over an open network (i.e.
the internet), for the purpose of electronic government and
commerce. The National Institute of Standards and Technology
(NIST), under the U.S. Department of Commerce, released
guidelines in 2013 to provide technical guidance to agencies
to allow an individual to remotely authenticate his or her
identity to a federal IT system. These guidelines address
only traditional, widely implemented methods for remote
authentication based on secrets. With these methods, the
individual to be authenticated proves that he or she knows or
possesses some secret information.
5)EXECUTIVE ORDER ON SECURING CONSUMER DATA ONLINE. In response
to several high profile consumer data breaches, potentially
leading to credit card fraud and identity crimes, President
Obama issued an executive order on October 17, 2014 aimed at
improving the security of consumer financial transactions. It
states that "given that identity crimes, including credit,
debit, and other payment card fraud, continue to be a risk to
U.S. economic activity, and given the economic consequences of
data breaches, the United States must take further action to
enhance the security of data in the financial marketplace.
While the U.S. Government's credit, debit, and other payment
card programs already include protections against fraud, the
Government must further strengthen the security of consumer
data and encourage the adoption of enhanced safeguards
nationwide in a manner that protects privacy and
confidentiality while maintaining an efficient and innovative
financial system." In part, the order directed the National
�
AB 1238
Page 7
Security Council staff, the Office of Science and Technology
Policy, and Office of Management and Budget to present to the
President by March, 2016 a plan to ensure that all agencies
making personal data accessible to citizens through digital
applications require the use of multiple factors of
authentication and an effective identity proofing process, as
appropriate.
6)SUPPORT. The Urban Counties Caucus, cosponsor of this bill,
writes in support that counties process thousands of these
types of requests which can be very time consuming for both
county staff and consumers. This bill would provide a more
user-friendly way to get access to these records through
established systems that verify the user's identity which
could provide significant cost savings to counties and provide
better customer service for these vital records. The
California State Association of Counties, cosponsor of the
bill, states that updating vital records requests could also
reduce the overall cost to the consumer of obtaining vital
records. The current fee for a certified copy of a birth
certificate in Los Angeles County ranges from $23 to $28, and
the average notary fee is an additional $20.
7)OPPOSITION. The Privacy Rights Clearinghouse (PRC) argues in
opposition to the bill that the substitution of an electronic
acknowledgement for a notarized affidavit will facilitate the
ability of identity thieves and other fraudsters to obtain
vital records that can then be used to engage in criminal acts
against Californians. Certified copies of birth certificates
can be used to fraudulently obtain many other important
documents such as passports, driver's licenses, and
identification cards. Certified copies of death certificates
can be used to fraudulently obtain decedents' death benefits,
including life insurance proceeds and investment accounts.
Vital records contain a wealth of personal information, which
if inappropriately released to the wrong person can result in
�
AB 1238
Page 8
a significant violation of privacy. Privacy is protected by
California's Constitution, and should not be set aside merely
to facilitate the issuance of vital records.
8)RELATED LEGISLATION. AB 1546 (Olsen) requires the State
Registrar, in consultation with the County Recorders'
Association of California and other stakeholders, to study the
security features for paper used to print vital records, or
suitably secure alternative features, and report findings and
recommendations to the legislature by January 1, 2018. AB
1546 is schedule to be heard in this committee on January 12,
2016.
9)PREVIOUS LEGISLATION.
a) AB 2275 (Ridley-Thomas) of 2014 was identical to this
bill and failed passage in the Senate Judiciary Committee.
b) AB 464 (Daly), Chapter 78, Statutes of 2013, allows
digitized images, as defined, to be included as part of a
request for a certified copy of a birth, death, or marriage
record.
c) AB 130 (Jeffries), Chapter 412, Statutes of 2009,
extends the existing limitations on the release and access
of birth and death records to marriage records in order to
prevent the unauthorized use of personal information.
d) SB 471 (Margett) of 2007 would have required any
individual, authorized by law to obtain a certified copy of
�
AB 1238
Page 9
a birth or death certificate, to show proof of
identification when the request is made in person, except
when the individual has been a victim of identity theft.
SB 471 died in the Senate Health Committee.
e) AB 1179 (Parra), Chapter 6, Statutes of 2004, prohibits
county recorders from providing certified copies of
military discharge papers except to specified persons and
allows county recorders to accept faxed, notarized
documents when specified information is present and
photographically reproducible.
f) AB 247 (Speier), Chapter 914, Statutes of 2002,
authorizes the State Registrar, local registrar, or county
recorder to provide a certified copy of a birth or death
record to an authorized person who submits a statement
sworn under penalty of perjury that the requester is
signing his or her own legal name and is an authorized
person.
10)POLICY COMMENT. Vital records contain a wealth of personal
information, which if inappropriately released to the wrong
person could result in a significant violation of privacy.
Privacy is protected by California's Constitution, and must be
protected with the highest possible standards. Certified
copies of birth certificates can be used to fraudulently
obtain many other important documents such as passports,
driver's licenses, and identification cards. Certified copies
of death certificates can be used to fraudulently obtain
decedents' death benefits, including life insurance proceeds
and investment accounts. Given the inherent difficulties in
verifying the identity of an individual over the Internet, and
the countless opportunities for identity theft that vital
records in the wrong hands could create, strong protections
�
AB 1238
Page 10
must be in place to ensure that vital records are safely
maintained.
11)SUGGESTED AMENDMENTS.
a) Supporters of this bill have cited many other
jurisdictions that use a specific technology known as
"dynamic knowledge-based authentication" to ensure security
and avoid identity theft. The language in the bill,
however, does not describe any specific standards or
guidelines for security that will protect personal
information of the requester and guard against identity
theft. The Committee may wish to amend this bill to
specify the actual security standards that will be used to
protect personal information, as follows:
Section 103526(a)(3) If a request for a certified copy of
a birth, death, or marriage record is made
electronically, the official may accept an electronic
acknowledgment, verifying the identity of the requestor
using a remote identity proofing process aligned with the
US Federal guidelines for security and privacy ensuring
that the requester is an authorized person. The identity
proofing process for security and privacy shall include
dynamic knowledge based authentication or an identity
proofing method consistent with the electronic
authentication guidelines of The National Institute of
Standards and Technology. The verification must sworn
under penalty of perjury, that the requester is an
authorized person pursuant to this section. The request
shall also provide a method for the official to establish
the identity of the requester electronically, pursuant to
this section. A system or product used to process the
electronic request and establish the requester's identity
shall comply with the provisions of the California
Uniform Electronic Transactions Act and all other
�
AB 1238
Page 11
applicable state and federal laws and regulations to
protect the personal information of the requester and
guard against identity theft. If a requester's identity
cannot be established electronically pursuant to this
paragraph, the requester may accompany his or her request
with a notarized statement of identity pursuant to
paragraph (1).
b) As drafted, the cross reference to Penal Code section
530.5 in paragraph (5) would inadvertently create a new
crime of identity theft that is not consistent with
identity theft as defined in the cross-referenced code
section. Attesting to a false identity under this section
is already defined as perjury in current law; therefore the
cross-reference to identity theft in the Penal Code may be
unnecessary. The Committee may wish to amend the bill to
strike paragraph (5) of the bill.
(5) Willfully obtaining or assisting another person in
obtaining a vital record when he or she is not authorized
to receive that record is a crime pursuant to Section
530.5 of the Penal Code.
REGISTERED SUPPORT / OPPOSITION:
Support
California State Association of Counties (cosponsor)
Urban Counties Caucus (cosponsor)
�
AB 1238
Page 12
California Association of Clerks and Election Officials
California Association of County Veteran Service Officers
Little Hoover Commission
Los Angeles County Board of Supervisors
Rural County Representatives of California
Opposition
American Civil Liberties Union of California
Consumer Federation of California
Privacy Rights Clearinghouse
Analysis Prepared by:Dharia McGrew / HEALTH / (916) 319-2097
�
AB 1238
Page 13