Security is essential to the development of an online business. If users of the internet, whether traders or customers, do not have confidence in the security of transactions carried out using e-commerce, they will find alternative means of transacting. The need for security generally requires the use of techniques employing encryption technology. The way in which this technology works is explained below under What is encryption technology?
Encryption technology is also used for creating digital signatures, which are electronic methods of signing messages or documents. Digital signatures are used to prove that a particular electronic message or document has in fact been signed by the individual purporting to sign it. They will therefore play an increasingly important role in enabling parties to online transactions to be sure that they know with whom they are contracting - a key factor in promoting confidence in online trading, particularly from a trader’s perspective. The operation of digital signatures in practice is explained under What are digital signatures?
The trader will also need to be paid for the goods or services supplied - a fundamental element of most transactions. The various methods by which payments may be made online are considered separately in the Practice note, Payment on the internet (www.practicallaw.com/A26636).
In addition to analysing the technical aspects of encryption technology and digital signatures, this note also considers the following related legal issues in ten jurisdictions worldwide (Australia, Brazil, Canada, France, Germany, Italy, Spain, Sweden, the UK and the US):
The extent to which there are legal controls on the use or development of encryption technologies, and on the import or export of such technologies.
The extent to which law enforcement bodies have legal rights to access encrypted messages or data.
How digital or electronic signatures are legally defined, and the extent to which such signatures are admissible as evidence in legal proceedings.
How providers of services relating to the use of digital signatures are regulated, and in what circumstances they may incur liability to parties using their services.
Encryption is the means by which a message is translated or scrambled into another form which cannot be read unless the reader is in possession of a 'key'. Encryption is relevant to almost all e-commerce; it is used, for example, in:
'Secure' electronic transactions with which third parties should not be able to interfere.
Simple communications, such as e-mails.
The exchange of data which must be kept confidential, for example, under data protection laws.
All other exchanges of data which those communicating want to keep private.
A key is a large number, normally generated at random; the algorithm (or cipher) is the mathematical rule which combines the key with the message to scramble it, and which reverses the process when the key is supplied again. If the key used by the recipient is the same as the key used by the sender, the method of encryption is known as “symmetric” encryption. As the same key is shared, the security of this means of encryption depends on how the key is communicated to both parties prior to the transaction. For this reason, symmetric systems tend to be used in transfers of data within an organisation or between a small number of organisations (for example, between banks), as the key is not communicated over an open network. Generally a 128-bit key is considered to be secure in symmetric systems (a key of this length is used in Netscape browsers, for example).
“Asymmetric” encryption (also known as “public key encryption”) involves the use of two different but mathematically linked keys, both belonging to the recipient - one of these is kept 'private' and the other is made 'public'. The public key, which is disclosed to the world at large, cannot feasibly be used to work out the private key. The asymmetric nature of public key encryption enables confidential communication without the parties first having to exchange a secret key. The system works as follows:
The sender of the message encrypts it using the recipient’s public key, which the recipient has previously made publicly available.
The message is then sent to the recipient who uses his corresponding private key to decrypt the message.
Any third party who intercepts the message cannot access the content unless he is in possession of the recipient’s private key.
This method of public key encryption is illustrated in the box Digital signatures using public key encryption.
At present, in public key encryption systems, it is generally considered that keys with a length of at least 1,024 bits should be secure (longer keys, of 2,048 bits or more, are now commonly recommended). Public key encryption is far slower than symmetric encryption, so it is particularly useful for sending short messages but is less practical where large amounts of data are being transmitted. In practice the two are combined: the bulk of the data is encrypted with a symmetric key generated for that one session, and only that short symmetric key is encrypted with the recipient's public key.
Encryption is also at the heart of digital rights management (DRM) systems used to protect those intellectual property rights (particularly copyright works) that are made available in digital form. Existing DRM standards include XrML and ODRL, which are machine-readable languages used to express rights related to content and conditions (such as payment) for exercising those rights. Many competing standards exist at present and in the coming years it can be expected that consensus-forming between the entertainment and consumer electronics industries will result in a core set of industry-wide standards being adopted.
There are still a number of difficulties in relying on public key encryption. For example, a third party such as a criminal investigation authority may in some circumstances have a legitimate reason for gaining access to an encrypted message, as encryption techniques are powerful tools for enabling criminals to avoid public authority surveillance techniques (see further Interception of encrypted data). A clear tension therefore exists between governmental and commercial interests as regards the development of encryption products, which has led to the imposition of controls on the export of encryption products in some jurisdictions, notably the US and the EU (see further Import and export of encryption technologies).
Most of the countries surveyed have no controls on the use and development of encryption technologies. In Brazil, Canada, Germany, Italy, Sweden, the UK and the US, encryption technologies can be developed and used freely. In the remaining countries surveyed, the position is as follows:
In Australia, while there are generally no controls on the development and use of encryption technologies, approvals may be required for certain specific uses, such as in a public switched telephone network or for the encryption of particularly sensitive material relating to matters such as defence.
In France, encryption products or services for ensuring authentication (of the identity of a sender of a message) and integrity (of data sent in a message, that is, that the message has not been changed) can be used freely. Encryption products or services for ensuring confidentiality which use up to 128-bit encryption can be used freely, provided that they are declared by the manufacturer or importer, but prior authorisation is required for the use of such encryption products or services with a strength of more than 128 bits.
There are currently no legislative controls on the use and development of encryption technologies in Spain, although the General Telecommunications Act 11/1998 provides that persons intending to use such technologies may be required by regulations made under the Act to provide the Spanish authorities with the relevant decoding equipment. No such regulations currently exist.
(See Country Question 1.)
As mentioned above, there is a tension with regard to encryption products between governments and law enforcement bodies (who are keen to ensure that they can still read encrypted communications), and commercial interests (who wish to be able to exploit technologies developed by them as widely as possible). This has led to the introduction of export controls in most of the jurisdictions surveyed. The US, for example, had imposed strict controls on the export of encryption products and, on grounds of national security, had required that exported products contain only a weak form of encryption. Clearly this was against the interests of US providers of encryption products, given the highly lucrative nature of the market for these products, so there has been some relaxation of the law (see details below). Some jurisdictions, such as France and Spain, impose restrictions on the import of certain encryption products. The general rationale for controlling the import of such products is to ensure that the country of import (particularly its law enforcement agencies) has access to or knowledge of the encryption products which may be used by its citizens.
Among the jurisdictions surveyed, only France and Spain have controls on the import of encryption technologies. In France, the import of encryption technologies for ensuring confidentiality with an encryption key of up to 128 bits is unrestricted if it has been declared by the supplier or manufacturer to the Direction Centrale de la Sécurité des Systèmes d’Information, however, the import of encryption keys longer than 128 bits is subject to prior authorisation. There are no controls on the import of technologies used to ensure authentication, integrity and non-repudiation (“non-repudiation” means that the creator or sender of information cannot at a later stage deny his intentions in creating or transmitting the information). In Spain, the import of encryption software is controlled under Royal Decree 491/1998 on Dual-Use Materials although there is an open general licence in relation to certain mass market encryption products.
EU position. At EU level, the export of encryption technologies is subject to controls imposed by Regulation 1334/2000 of 22 June 2000 (as amended by Council Regulation 1504/2004 of 19 July 2004) setting up a Community regime for controlling the export of dual-use items and technology (OJ 2000 L159/1) (Dual-Use Regulation). “Dual-use items” are defined as “items, including software and technology, which can be used for both civil and military purposes”. The object of the regulation is to establish a common system of export controls on dual-use items in all the member states and to ensure that the export of certain technologies is subject to authorisation.
The Dual-Use Regulation provides that an authorisation will be required for the export of the dual-use items listed in Annex 1 to the regulation (Article 3(1)). Certain software which is “generally available to the public” is excluded from the scope of the controls by virtue of the General Software Note contained in the Dual-Use Regulation, but this exclusion does not extend to “information security” software specified in Category 5, Part 2 of Annex 1 unless it is “in the public domain” in the sense that it has been made available without restriction on its further dissemination. Essentially, under Annex 1, Category 5, Part 2, entries 5A002 and 5D002, export authorisation will prima facie be required for software utilising cryptography (that is, the encoding or concealing of data while in storage or transit) employing digital techniques which perform any function other than authentication or digital signature, and which has one of the following:
A symmetric algorithm employing a key-length in excess of 56 bits.
An asymmetric algorithm whose security is based on factorisation of integers in excess of 512 bits (for example, RSA), on discrete logarithms in a multiplicative group of a finite field of more than 512 bits (for example, Diffie-Hellman over Z/pZ), or on discrete logarithms in any other group in excess of 112 bits (for example, Diffie-Hellman over an elliptic curve).
Further, software will require export authorisation if it is designed or modified to perform cryptanalytic functions, that is, if it may be used to find weaknesses in ciphers and cryptosystems (that is, secret code systems) that will permit decoding without necessarily knowing the key or algorithm.
On the basis of Categories 5A002 and 5D002, software which performs no function other than that of authentication or digital signature will prima facie not be subject to export control.
In addition, a 'mass-market' cryptography exemption from export controls applies to software which meets all of the following requirements:
It is generally available to the public by being sold, without restriction, from stock-at-retail selling points by means of over-the-counter transactions, mail order transactions, electronic transactions or telephone call transactions.
The cryptographic functionality cannot easily be changed by the user.
It is designed for installation by the user without further substantial support by the supplier.
When necessary, details of the goods are accessible and will be provided, upon request, to the competent authorities of the member state in which the exporter is established in order to ascertain compliance with conditions. (Annex 1, Category 5, Part 2, Cryptography note 3.)
There is a general export authorisation for exports from the EU to Australia, Canada, Japan, New Zealand, Norway, Switzerland and the US, which applies to all export-controlled dual-use items listed in Annex II to the regulation (including information security software, but not cryptanalytic software), subject to a few very specific exceptions (Article 6(1)).
In the case of the high specification cryptanalytic software mentioned above (Category 5A002.a.2), an authorisation will be required for transfers between EU member states (Article 21(1) and Annex IV).
Where exports do not fall within the general export authorisation under Article 6(1) described above (in other words, where the export destination is not one of the countries listed in Annex II, or the software performs cryptanalytic functions), export authorisation must be granted by an authority within the member state where the exporter is established. Such authorisations may be individual, global or general.
With regard to the position in individual EU member states:
In France, the export of encryption technologies ensuring confidentiality (as distinct from technologies used to ensure authentication, integrity and non-repudiation) is subject to prior authorisation, regardless of the length of the encryption key.
The export of encryption technology from Germany generally triggers the application of the Dual-Use Regulation and corresponding national regulations, which usually means that authorisation is required, although there are a number of specific exemptions.
The Dual-Use Regulation has been implemented into Italy’s national law, although encryption technologies intended for digital signature or electronic authentication are excluded from the scope of the export controls (provided that the specific technical requirements of the Dual-Use Regulation are met).
In Spain, the export of encryption software is subject to controls under national legislation implementing the Dual-Use Regulation, and there is an open general export licence in relation to certain 'mass-market' encryption products.
The export of encryption technology from Sweden is subject to the controls in the Dual-Use Regulation, supplemented by national legislation on the control of exports of dual-use items and technical aid.
The Dual-Use Regulation has been implemented by national legislation in the UK. There is an open general export licence in relation to certain 'mass-market' encryption products, and a further such licence allowing exports to most countries (except those specifically listed) provided that the cryptographic development software does not perform cryptanalytic functions.
Position outside the EU. Outside the EU, the position in the countries surveyed is as follows:
The export of encryption software from Australia is regulated by the Customs (Prohibited Exports) Regulations. The export of encryption hardware or software is subject to the prior approval of the Department of Defence. Where the relevant materials are exported physically, rather than by electronic means, permits are required from the Australian Customs Authority.
Brazil has no restrictions on the export of encryption technology.
The export of encryption technologies from Canada is subject to general export controls, such as those relating to the country of destination. They are specifically controlled under Category 1150 of the Export Control List. A general export permit, for which no application is required, applies to the export of 'mass-market' cryptographic software other than to a small number of controlled countries.
In the US, the export of encryption software is controlled by the Export Administration Regulations (EAR), and administered by the Bureau of Industry and Security (formerly known as the Bureau of Export Administration). Previously strict controls on the export of encryption products were relaxed in 1999 when the US government responded to lobbying by companies engaged in the supply of encryption products and decided to allow the export of:
encryption technologies of any key-length to private-sector or commercial firms anywhere in the world (except Iran, Iraq, Libya, Syria, Sudan, North Korea and Cuba), after a one-time technical review;
retail encryption commodities or software to any users (including governmental users, but excluding users in the seven countries listed above), again after a one-time technical review; and
encryption technologies embodying publicly-available encryption source code, without any technical review (the “source code” of a computer program is the code in which the program is originally written, which is intelligible to a suitably trained human being, as distinct from the “object code” into which the program must be translated in order to be intelligible to a machine).
In October 2000, the Bureau of Export Administration (as it was then known) clarified these rules to allow for the immediate export of encryption technologies (except for 'code-breaker' technologies) to any of the following countries upon registration and without technical review: the 25 existing EU member states, Australia, Japan, New Zealand, Norway and Switzerland.
For more detailed information on the position in each of the countries surveyed, see Country Question 2.
As mentioned above, tensions have developed between commercial users of encryption products (who aim to ensure the commercial confidentiality of their communications) and law enforcement bodies regarding the extent to which law enforcement bodies should have legal rights to access encrypted messages and data. Proponents of e-commerce are concerned that an increase in the rights of law enforcement authorities to intercept encrypted data may discourage the commercial use of the internet, as commercial confidentiality would be threatened. Civil liberties groups also generally view the right to intercept encrypted messages and data as an invasion of privacy.
Notwithstanding specific rights of interception that may be granted to them, law enforcement agencies face a number of practical problems in preventing encryption technologies from being used to further serious crime. For example, it is technically more complex to intercept communications using Internet Protocol (IP) data networks than the circuit-switched networks that were used previously. It can also be difficult to identify the IP communications of an interception subject. These problems are encountered in most of the countries surveyed, and it seems likely that co-operation between law enforcement bodies and the technology industry will provide the only means of resolving them.
In the following jurisdictions, law enforcement bodies have (or will have, upon the adoption of proposed legislation) specific rights enabling them to gain access to the means for decrypting data or to require senders or recipients to provide plain text versions of their messages:
In Australia, the authorities may obtain access to encryption technologies in certain circumstances. The ordinary police powers of search and seizure allow access to encrypted information, and the authorities may direct the translation of information if it is suspected that it was used in the commission of a criminal offence. Further, under the Telecommunications Interception Act 1979, authorities may obtain warrants for the interception of communications where there is a threat to national security, and in some circumstances the authorities may have the power to demand that information be decrypted.
In France, keys used as a means of ensuring confidentiality must be provided to an approved key escrow agent, who is required to release the keys to public authorities in the circumstances set out in the relevant provisions of the Criminal Procedure Code. Further, the Act on Daily Security of 15 November 2001 extended the powers of judicial authorities to access information in the course of criminal proceedings and provided that all suppliers of encryption technologies ensuring confidentiality must provide the means of decryption to authorised agents (approved by the Prime Minister).
In Spain, the General Telecommunications Act requires decoding equipment to be provided for “supervision purposes”, but it is unclear whether this refers to tests by the authorities to determine whether the decoding equipment complies with general technical requirements or to a right to intercept any such encoded communications. The only specific Spanish legislation dealing with encryption technologies (Electronic Signatures Act 59/2003) does not require certification authorities to provide the governmental authorities with encryption keys. Generally, the interception of communications for law enforcement purposes may only be made pursuant to a court order under the Spanish Criminal Procedures Act, and this does not include any specific requirement to decrypt or provide the means of decryption.
The Regulation of Investigatory Powers Act 2000 in the UK provides that if the authorities acquire encrypted information as a result of interception under the Act or in any other lawful way, the person with the key may be required to provide it or, in some circumstances, to decrypt the information without providing the key.
In the following jurisdictions, there is no specific legislation regarding rights of access to encrypted technologies, but the authorities may be able to rely on other legal grounds in order to gain access:
In Brazil, Provisional Measure 2200/01 of 24 August 2001 establishes the Main Certifying Authority. The Managing Committee of the Brazilian public key infrastructure has issued rules regarding key escrow. Private keys generated by the Main Certifying Authority must be stored in an encoded format in the same secure hardware component (that is, a secure computer) used to generate them and their confidentiality ensured. Public keys generated by certifying authorities of the level immediately below the Main Certifying Authority must be delivered to the Main Certifying Authority. Law enforcement authorities will only have access to the keys upon a court order or with formal authorisation from the holders. (Resolution 1 of 25 September 2001 of the Managing Committee of the Main Certifying Authority.)
In Canada, private keys could be subject to disclosure under the search and seizure provisions of both the Criminal Code and the Competition Act.
In Germany, it is possible that, by analogy with the provisions of the Code of Criminal Procedure relating to the interception or recording of telecommunications, prosecuting authorities may be entitled to obtain access to encryption keys in order to investigate the commission of criminal offences, although there is not yet any case law on the point. Such access, except in emergencies, could only be obtained upon the issue of a warrant by a judge.
Access to encryption technology in the US may be available pursuant to a subpoena or search warrant.
For more detailed information on the position in each of the countries surveyed, see Country Question 3.
As has been mentioned, it is important for the parties to an online transaction to know with whom they are contracting, and one means of achieving this is through using digital or electronic signatures.
The expression “electronic signature”, in general non-legal terms, refers to any electronic means of identifying the signer of a message or document and indicating his approval of that message or document, including a “digital signature”. The UNCITRAL (United Nations Commission On International Trade Law) Model Law on Electronic Signatures, adopted on 5 July 2001, contains a useful definition of an electronic signature as:
“data in electronic form in, affixed to, or logically associated with, a data message, which may be used to identify the signatory in relation to the data message and to indicate the signatory’s approval of the information contained in the data message”.
Such data may include biometric tokens, personal identification numbers (PINs), user identifications and passwords, digitised signatures and digital signatures. The last of these, a “digital signature”, is an electronic method of signing a message which is based on asymmetric encryption technology (as explained above under What is encryption technology?).
Digital signatures are central to the development of both e-commerce and mobile telephone commerce. Mobile telephone companies are therefore developing systems which allow digital signatures to be sent by mobile telephone (see Use of digital signatures in m-commerce, below).
A digital signature can serve the same purpose as a handwritten signature, in that it may signify authorship, acknowledgement or assent. However, digital signatures can also fulfil important functions that handwritten signatures cannot. For example, a digital signature allows the recipient of a digitally signed communication to determine whether:
The communication was created by the purported signer (known as “authentication of identity”).
The communication has changed since it was digitally signed (known as “message integrity”).
However, digital signatures have certain drawbacks. For example, while a handwritten signature is completely under the control of the signer, a digital signer has to rely on computer equipment and software which may or may not be trusted to perform as intended; a handwritten signature has an original which is distinguishable from copies, whereas every copy of a digital signature is identical; and, while a handwritten signature can only ever be approximately copied, a signature produced with a stolen private key is indistinguishable from a genuine one, since the signature proves only that the private key was used, not who used it.
Paper signatures usually have intrinsic associations with a particular person because they consist of that person's name and unique handwriting. However, the public-private key pairs (described below) which are used to create digital signatures have no intrinsic association with anyone - they are nothing more than large numbers. A solution to this problem is for both the sender and the recipient to enlist a “certification authority” or a “trusted third party” to perform the tasks necessary to associate a person or entity at one end of the transaction with the key pair used to create the digital signature at the other end (again as described below).
Public key encryption can be used to verify the sender and the contents of a message (the message itself does not need to be encrypted). The sender uses software to compute from the message a short, fixed-length number (known as a “hash” or message digest) by means of a one-way hash function. Any change to the message, however small, produces a different digest, and the message cannot be reconstructed from the digest. The sender then encrypts the digest with his own private key and transmits the plain text message along with this encrypted digest (that is, the digital signature). The recipient decrypts the digital signature using the sender's public key, which yields the digest the sender computed. The recipient also computes a fresh digest of the plain text message as received. The two digests will only correspond if the signature was created with the private key matching that public key and the message has not been altered since it was signed. The box Digital signatures using public key encryption shows how digital signatures operate using public key encryption.
However, the verification obtained by the process described above (and represented in the diagram contained in the box) merely proves that the signature was made with the private key corresponding to the public key used to check it. The recipient still has to make sure that the public key which he believes to be the sender's really does belong to the sender, and not to an impostor who has published a key in the sender's name. The authenticity of the sender's public key is vouched for by a “trusted third party” or “certification authority”, an independent third party which sends the sender's public key to the recipient digitally signed (that is, certified) by that third party.
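The hash-then-sign process just described, as an added example in Go which is not part of the original note: SHA-256 produces the digest, the signer's RSA private key encrypts it (the PKCS#1 v1.5 signature scheme), and the recipient recomputes the digest and checks it with the public key. The example also shows the drawback noted earlier in the note, that a signature made with a stolen private key verifies just like a genuine one. The key size, the party names and the sample messages are assumptions made for the illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// NewSigner generates a signer's public/private key pair (2048-bit RSA, an assumed size).
func NewSigner() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// DigestHex returns the SHA-256 message digest ("hash") of msg, hex-encoded. It is a
// fixed 256-bit value whatever the length of msg; changing a single bit of msg yields an
// unrelated digest, and the message cannot be recovered from it.
func DigestHex(msg []byte) string {
	d := sha256.Sum256(msg)
	return hex.EncodeToString(d[:])
}

// Sign hashes the message and encrypts the hash with the signer's private key. The
// message itself is sent in plain text alongside the resulting signature.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
}

// Verify recomputes the digest of the received message and compares it with the digest
// recovered from the signature using the claimed sender's public key.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil
}

func main() {
	alice, _ := NewSigner()
	mallory, _ := NewSigner()
	msg := []byte("I agree to buy 100 widgets at 5 each.") // constructed sample message
	fmt.Println("digest:", DigestHex(msg))
	sig, _ := Sign(alice, msg)

	fmt.Println("genuine:        ", Verify(&alice.PublicKey, msg, sig))
	altered := []byte("I agree to buy 100 widgets at 4 each.")
	fmt.Println("altered message:", Verify(&alice.PublicKey, altered, sig))
	mallorySig, _ := Sign(mallory, msg)
	fmt.Println("wrong signer:   ", Verify(&alice.PublicKey, msg, mallorySig))

	// A signature made with a stolen copy of Alice's private key is indistinguishable
	// from one she made herself: verification proves that the private key was applied
	// to exactly this message, not who applied it.
	stolen := alice
	forgedMsg := []byte("I agree to buy 1,000 widgets.")
	forged, _ := Sign(stolen, forgedMsg)
	fmt.Println("stolen key:     ", Verify(&alice.PublicKey, forgedMsg, forged))
}
```

Because the signature binds the digest rather than the message text, the plain text can be read by anyone in transit; signing gives authentication of identity and message integrity, not confidentiality.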
The certification process generally works in the following way:
The subscriber (ie, the sender in his capacity as a subscriber to the certification authority’s services) generates his own public/private key pair.
The subscriber contacts the certification authority and produces proof of identity.
The subscriber demonstrates that he holds the private key corresponding to the public key (without disclosing the private key).
The certification authority issues a certificate which is a computer-based record attesting to the connection of the public key to an identified person or entity. The certificate also contains the subscriber's public key and possibly other information, such as the expiration date for the public key. The certification authority will attach its own digital signature to the certificate to provide assurance as to its own authenticity and integrity. The subscriber then makes the certificate available to third parties who may wish to communicate with him. The certificate will generally be kept in an electronic database - the equivalent of digital yellow pages. In plain words, a certificate issued by a certification authority effectively says the following:
“At the time it was requested, I, the certification authority, went through my published process to verify the company’s identity. This may, or may not, be to a level satisfactory to you. I do not know the company or whether it is trustworthy, or even what its business is. Unless I have been told the private key has been compromised, I will not know if it has been stolen or given to someone else - and it is up to you to check whether it has been revoked. My liability is limited to that expressed in my Policy Statement - which you should have read before using the keys associated with this company.”
To be certain as to the effect of a certificate such as this, the recipient will need to confirm the certification authority’s processes in order to determine what procedures have been followed by it. The certification authority will usually seek to limit its responsibility to following this procedure (the liability of certification authorities is discussed further under Supervision of certification service providers).
It is also clear that, in order to enable an individual to verify the authenticity of the certification authority's public key, it is necessary to obtain a certificate from another, higher-level certification authority which acts as a certification authority for the first certification authority. That higher-level certification authority may in turn need certification from an even higher-level certification authority, and so the process continues until a certification authority is reached whose public key the recipient trusts directly (a “root” certification authority, whose certificate is typically self-signed and supplied with the recipient's software). How far the recipient of a message needs to take this chain of certificates will depend on the importance of the communication.
If security is breached at any stage (for example, if the private key is lost or stolen), the subscriber may notify the certification authority with whom its public key or electronic signature is registered and the authority would then revoke the certificate and publish the revocation (for example, in a certificate revocation list). Anyone who subsequently checked with the authority would be notified that it had been revoked; a recipient who does not check will go on accepting signatures made with the compromised key until the certificate expires.
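The certification process, the chain to a directly trusted root and the revocation check described above, as an added example in Go using the standard library's X.509 support. This is illustration code, not the note's own; the authority names, serial numbers, validity periods and the simple set of revoked serials (standing in for a certificate revocation list) are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Identity is a key pair together with the certificate binding its public key to a name.
type Identity struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

// issue builds a certificate for subjectKey's public key under the given name and has
// issuer sign it (self-signed when issuer is nil). Only the public key enters the
// certificate; the subject's private key is never disclosed to the authority.
func issue(serial int64, name string, isCA bool, subjectKey *rsa.PrivateKey, issuer *Identity, notAfter time.Time) (*Identity, error) {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              notAfter, // the expiration date the text mentions
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	parent, signingKey := tmpl, subjectKey // self-signed root
	if issuer != nil {
		parent, signingKey = issuer.Cert, issuer.Key // the authority's own signature
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &subjectKey.PublicKey, signingKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Identity{Key: subjectKey, Cert: cert}, nil
}

// NewCA creates a self-signed root certification authority valid for ten years.
func NewCA(name string) (*Identity, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return issue(1, name, true, key, nil, time.Now().AddDate(10, 0, 0))
}

// Enrol models the subscriber steps: the subscriber generates its own key pair and the
// authority, having checked its identity out of band, certifies the public key.
func Enrol(ca *Identity, serial int64, name string, validDays int) (*Identity, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return issue(serial, name, false, key, ca, time.Now().AddDate(0, 0, validDays))
}

// Verify is the recipient's check: the certificate must not be in the revoked set (a
// stand-in for the authority's certificate revocation list), must be within its validity
// period and must chain to an authority whose certificate the recipient trusts directly.
func Verify(subject *Identity, revoked map[string]bool, trustedRoots ...*Identity) error {
	serial := subject.Cert.SerialNumber.String()
	if revoked[serial] {
		return fmt.Errorf("certificate %s for %q has been revoked", serial, subject.Cert.Subject.CommonName)
	}
	pool := x509.NewCertPool()
	for _, root := range trustedRoots {
		pool.AddCert(root.Cert)
	}
	_, err := subject.Cert.Verify(x509.VerifyOptions{
		Roots:     pool,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err
}

func main() {
	ca, _ := NewCA("Example Certification Authority")
	alice, _ := Enrol(ca, 2, "Alice Trader Ltd", 365)
	fmt.Println("genuine:     ", Verify(alice, nil, ca))

	rogue, _ := NewCA("Unknown Authority")
	impostor, _ := Enrol(rogue, 3, "Alice Trader Ltd", 365) // same name, different key pair
	fmt.Println("untrusted CA:", Verify(impostor, nil, ca))

	expired, _ := Enrol(ca, 4, "Bob Buyer", -1)
	fmt.Println("expired:     ", Verify(expired, nil, ca))

	fmt.Println("revoked:     ", Verify(alice, map[string]bool{"2": true}, ca))
}
```

The impostor's certificate is internally valid and carries the same name; it fails only because the recipient does not trust the authority that signed it, which is the whole point of the chain ending at a root the recipient already holds.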
A global 'public key infrastructure' of trusted third parties or certification authorities has not developed as quickly as had widely been anticipated. Instead, infrastructures have developed in a more fragmented way, with a variety of authentication mechanisms and multiple discrete trust communities emerging. The current expectation is that most organisations will rely on particular trust solutions to support their business functions within their relevant trust community (that is, specific industry vehicles will develop). In place of trusted third parties or certification authorities, “trust brokers” will emerge who will moderate between communities of trust and manage and control the trust relationship.
A number of commercial issues also need to be addressed before it is likely that full use of public key infrastructure will be made for the purpose of transactions on the internet, including the following:
Co-operation between parties involved in transactions and technology providers needs to increase.
Different approaches to public key infrastructure need to be standardised in order to achieve a high level of interoperability.
The governance of trusted third parties or certification authorities, and the means by which they can recover costs, needs to be clarified.
Another important step towards the more widespread use of digital signatures is the acceptance of electronic signatures under countries’ legal systems (for example, whether electronic signatures satisfy legal requirements for documents to be “signed”, and whether they are admissible as evidence in legal proceedings). These issues are discussed below under Law relating to digital signatures.
Digital signatures will become increasingly important to the development of mobile telephone commerce (or “m-commerce”), as mobile telephones and other personal devices develop (for example, PDAs, laptops and notebook computers) and enable a range of transactions to be carried out in this way.
The use of digital signatures in m-commerce will require mobile digital signature processes to be embedded into the mobile devices to enable user identification and authentication, and mobile telephone carriers will need to develop methods of processing and verifying digital signatures. One issue to be resolved is whether private keys will be stored in hardware (for example, on a smart card or SIM card) or whether they will be stored using software-based solutions. There are currently different ways to incorporate a smart card into mobile phones: single SIM (all information on one smart card), dual chip (two smart cards, one for authentication and one for value-added services) and dual slot (SIM card plus a slot for an external smart card).
The preliminary requirements for an m-commerce transaction are similar to those which apply to any other electronic transaction: there must be authenticity with respect to the source of the message, it must not be possible for any changes to be made without detection, the sender cannot deny having sent the message, and the contents of the message must be kept confidential.
Because of the large number of practical applications that are involved in mobile digital signatures, the development of industry standards for integrating mobile digital signatures into business will be of considerable importance. In view of the global nature of m-commerce, such standards will need to be accepted worldwide. The “mobile electronic signature consortium”, an association of companies and organisations from the mobile telephone and internet sectors, is working on the development of such standards.
Examples of specific projects for the development of mobile digital signatures at national level are described in the box Developing mobile digital signatures.
In Germany, the four major banks (Commerz Bank, Deutsche Bank, Dresdner Bank and Hypovereinsbank) are working on a project for the development of mobile digital signatures, known as “MoSign”. The banks intend to offer companies and private customers a joint, open standard for secure online transactions via mobile telephones or personal organisers. The private key will be recorded on the chip card and will be used with a personal identification number, enabling the user to create a personal digital signature. The user’s mobile device will generate a hash value from the original text string sent by the trader’s application server. The hash value is sent to the smart card, where it is signed with the sender’s private key (the key itself never leaves the card) and the signed hash value is returned to the mobile device. The original text string, the signed hash value (which constitutes the digital signature) and the sender’s certificate are then combined to form a new text string which is sent to the trader’s application server. The application server then forwards the string to the certification authority to verify the signature.
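The MoSign flow described above, worked through in code as an added example. It is not part of the original note or of the MoSign project, and the names and messages are constructed. Go’s standard library is used; the SmartCard type is a hypothetical stand-in for the chip card (the private key stays inside it, a hash goes in and a signature comes out, and only after the PIN has been entered), and the sender’s certificate is simplified to the bare public key in DER form, so the verifier’s check of that certificate against the certification authority is not shown here. The sample also shows what the verifier sees when the text is altered in transit, which is the alteration check that the note’s definitions of a digital signature require.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/json"
	"errors"
	"fmt"
)

// SmartCard is a hypothetical stand-in for the chip card. The private key
// never leaves it: the device passes in a hash and gets back a signature,
// and only once the PIN has been presented.
type SmartCard struct {
	key *ecdsa.PrivateKey
	pin string
}

// NewSmartCard personalises a card with a fresh P-256 key and a PIN.
func NewSmartCard(pin string) (*SmartCard, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SmartCard{key: key, pin: pin}, nil
}

// Sign applies the private key to a digest computed by the device.
func (c *SmartCard) Sign(pin string, digest []byte) ([]byte, error) {
	if pin != c.pin {
		return nil, errors.New("smart card: PIN rejected")
	}
	return ecdsa.SignASN1(rand.Reader, c.key, digest)
}

// Bundle is the "new text string" sent to the trader: the original text, the
// signature over its hash and the sender certificate, serialised as JSON.
// The certificate is simplified here to the bare public key in DER form; a
// real one also carries identity data and the certification authority's signature.
type Bundle struct {
	Text, Signature, Certificate []byte
}

// SignOnDevice hashes the trader's text on the device, has the card sign the
// hash, and assembles the bundle.
func SignOnDevice(card *SmartCard, pin string, text []byte) ([]byte, error) {
	digest := sha256.Sum256(text)
	sig, err := card.Sign(pin, digest[:])
	if err != nil {
		return nil, err
	}
	cert, err := x509.MarshalPKIXPublicKey(&card.key.PublicKey)
	if err != nil {
		return nil, err
	}
	return json.Marshal(Bundle{Text: text, Signature: sig, Certificate: cert})
}

// VerifyAtServer is the verifier's side: recompute the hash from the received
// text, take the public key from the certificate and check the signature.
// The text is returned only if it is exactly what the card signed.
func VerifyAtServer(wire []byte) ([]byte, error) {
	var b Bundle
	if err := json.Unmarshal(wire, &b); err != nil {
		return nil, err
	}
	pubAny, err := x509.ParsePKIXPublicKey(b.Certificate)
	if err != nil {
		return nil, err
	}
	pub, ok := pubAny.(*ecdsa.PublicKey)
	if !ok {
		return nil, errors.New("certificate does not carry an ECDSA public key")
	}
	digest := sha256.Sum256(b.Text)
	if !ecdsa.VerifyASN1(pub, digest[:], b.Signature) {
		return nil, errors.New("signature invalid: wrong key or text altered after signing")
	}
	return b.Text, nil
}

// TamperInTransit models an attacker changing the amount after signing.
func TamperInTransit(wire []byte) ([]byte, error) {
	var b Bundle
	if err := json.Unmarshal(wire, &b); err != nil {
		return nil, err
	}
	b.Text = bytes.Replace(b.Text, []byte("EUR 9.99"), []byte("EUR 999.99"), 1)
	return json.Marshal(b)
}

func main() {
	card, _ := NewSmartCard("1234")
	order := []byte("Order 4711: 1 x widget, EUR 9.99") // constructed sample text
	wire, err := SignOnDevice(card, "1234", order)
	if err != nil {
		panic(err)
	}
	_, err = VerifyAtServer(wire)
	fmt.Println("genuine bundle accepted:", err == nil)
	altered, _ := TamperInTransit(wire)
	_, err = VerifyAtServer(altered)
	fmt.Println("altered bundle rejected:", err != nil)
}
```

The verifier never trusts the hash it receives; it recomputes the hash from the text in the bundle and checks the signature against that, which is what ties the signature to the content. A changed amount yields a different hash, the signature no longer verifies, and the transaction is refused. Non-repudiation follows from the same check only if the private key really was confined to the card and protected by the PIN, which is why the hardware-versus-software storage question in the text matters.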
There have also been developments in the UK. For example, the Radiocommunications Agency has piloted public key infrastructure software designed for mobile e-commerce using highly secure techniques developed by the mobile telephone company, Vodafone, and a number of other companies.
Visa's 3-D Secure is Visa International's global specification designed to ensure the security of internet payments made over mobile phones. Developed in conjunction with some 15 major industry players, the specification is part of Visa Authenticated Payment, a comprehensive e-commerce program designed to ensure safe and secure online payment transactions. The Mobile 3-D Secure specification extends payment authentication initiatives into mobile commerce, enabling Visa card issuers to validate the identity of their cardholders in real time. It ensures that payment data sent over open networks is not compromised and allows consumers to actively protect their Visa accounts from unauthorised use when shopping online using mobile devices.
In 2003, American Express, Master Card and Visa, together with over 100 other organisations in the financial and telecommunications sectors launched the Mobile Payment Forum. The stated aim is to develop a framework for standardising secure card-based mobile payments. Key issues which the forum plans to address include encryption methods, card holder authentication and inter-operability.
Simpay is a mobile payment scheme founded by Orange, Telefónica Móviles, T-Mobile and Vodafone with a focus on low value payments of under ten euros. Simpay forecasts that, thanks to the interoperability of its platform (other operators are expected to join the scheme), it will enable over 1 billion extra transactions for the mobile phone industry by 2007. It is expected to be commercially available in 2005.
All the countries surveyed have laws dealing specifically with electronic signatures. The object of such laws is essentially to promote the use of electronic communications in situations where parties’ signatures are traditionally required. The legislation in the various jurisdictions approaches this in two ways:
First, by defining electronic signatures in functional, technology-neutral terms, which means that a method of signing electronically that approximates the functions of a traditional signature will be legally recognised (see Definition of electronic signatures).
Second, by providing that electronic signatures are admissible as evidence, or at least that they will not be denied legal effect merely because they are made electronically (see Admissibility of electronic signatures as evidence).
Although there are significant differences between the laws of the countries surveyed relating to electronic signatures generally, there are similarities in the way in which an “electronic signature” is defined. Only Italy has a law which specifically defines a “digital signature”.
In the EU, the use of electronic signatures is governed by the EC Electronic Signatures Directive (Directive on a Community framework for electronic signatures, 1999/93/EC, OJ 2000 L13/12), which has now been fully implemented in all the member states surveyed with the exception of France where certain implementing measures are still under discussion.
The Directive defines an “electronic signature” as “data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication” (Article 2(1)). Further, an “advanced electronic signature” is defined as an electronic signature which is:
Uniquely linked to the signatory.
Capable of identifying the signatory.
Created using means that the signatory can maintain under his sole control.
Linked to the data to which it relates in such a manner that any subsequent change of the data is detectable (Article 2(2)).
With regard to the position in individual EU member states:
In France, there is a general definition of the term “signature” as the signature required for a binding contract which identifies the person who executes it, while an “electronic signature” is more specifically defined as a signature using a reliable identification method which guarantees the link to its associated document (Electronic Signature Act of 13 March 2000; Article 1316, French Civil Code).
The definitions of electronic signature and advanced electronic signature in Germany follow the corresponding definitions in the Electronic Signatures Directive (section 2, Signature Act of May 2001). In addition, a “qualified electronic signature” is defined as an advanced electronic signature that is based on a qualified certificate valid at the time of its creation and which has been produced with a secure signature-creation device (the meaning of a “qualified certificate” is considered below under Admissibility of electronic signatures as evidence).
In Italy, there is a specific definition of a “digital signature” as the product generated by the combination of two asymmetrical keys which may be affixed to an electronic document or attached to it (Consolidated Text on Administrative Documentation (Decree No. 445 of 28 December 2000)). The digital signature must allow the identification of the person making the digital signature and the service provider who certifies the digital signature and keeps the register in which the digital signature is published for inspection.
In Spain, the Electronic Signatures Act differentiates between an "advanced" electronic signature, a "recognised" advanced electronic signature and an ordinary electronic signature. The definitions are similar to those contained in the Electronic Signatures Directive.
In Sweden, an electronic signature is defined as data in electronic form attached to or logically associated with other electronic data and used to verify that the content originates from the alleged issuer and has not been altered (Qualified Electronic Signatures Act (2000:832)). The definition of an advanced electronic signature follows the definition in the Electronic Signatures Directive, and a “qualified electronic signature” is defined as an advanced electronic signature based on a qualified certificate and created by a secure signature-creation device.
In the UK, an electronic signature is defined as anything in electronic form which is incorporated into or otherwise logically associated with any electronic communication or electronic data, and which purports to be so incorporated or associated for the purpose of being used in establishing the authenticity of the communication or data, the integrity of the communication or data, or both (section 7(1), Electronic Communications Act 2000). There is a definition of an “advanced electronic signature” which follows the definition in the Electronic Signatures Directive (Electronic Signatures Regulations 2002).
Outside the EU, the position in the countries surveyed is as follows:
Australia’s Electronic Transactions Act 1999 does not define electronic signatures. The Act provides that where a person’s signature is legally required, that requirement is taken to have been met in relation to an electronic communication if, in all cases, a method is used to identify the person and to indicate the person’s approval of the information and, having regard to the relevant circumstances at the time, the method was as reliable as was appropriate for the purposes of the communication (section 10). Further, if the signature is required to be given to a Commonwealth entity, any particular method or technology requirements of that entity must be met, and if the signature is required to be given to a private entity, the consent of the recipient to the method used must be given.
In Brazil, Provisional Measure P2200/01 does not define digital signatures. A new Bill regarding digital signatures is currently being discussed by the Brazilian Congress (PL 4.906/01). The Bill is based on UNCITRAL’s Model Law and defines a digital signature as the result of electronic data processing services, based on an asymmetric cryptosystem, that makes it possible to confirm the authenticity and integrity of an electronic document created by someone through his private key.
In Canada, the Uniform Electronic Commerce Act (a model law which has been or is in the process of being enacted in almost all Canadian provinces) defines an electronic signature as information in electronic form that a person has created or adopted in order to sign a document and that is in, attached to or associated with the document. Most provinces have adopted this definition. At federal level, the Personal Information Protection and Electronic Documents Act (S.C. 2000, c.5) defines an electronic signature as a signature that consists of one or more letters, characters, numbers or other symbols in digital form incorporated in, attached to or associated with an electronic document. The Act also prescribes that a “secure electronic signature” is an electronic signature that complies with a designated technological process (which has not, as yet, been published by regulators).
In the US, the federal Electronic Signatures in Global and National Commerce (E-SIGN) Act and the Uniform Electronic Transactions Act (UETA, which had been enacted in 45 of the 50 states as of May 2004) are technology-neutral and do not deal with digital signatures separately from electronic signatures generally. An electronic signature is defined in both pieces of legislation as “an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record”. Therefore, the term electronic signature includes a digital signature as well as other forms of electronic signature. At the state level, certain states have adopted technology-specific legislation in which a digital signature is typically described as an electronic signature that is a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer’s public key can accurately determine:
whether the transformation was created using the private key that corresponds to the signer’s public key; and
whether the initial message has been altered since the transformation was made.
For more detailed information on the definition of digital signatures in the legislation of each of the countries surveyed, see Country Question 4.
Many of the countries surveyed approach the issue of the admissibility of electronic signatures as evidence by providing that such signatures will not be denied legal effect or admissibility merely because they are made electronically, rather than by positively providing that they shall be effective and admissible as evidence.
In the EU, the Electronic Signatures Directive distinguishes between the requirements for the legal effectiveness and admissibility of “advanced electronic signatures”, on the one hand, and ordinary electronic signatures, on the other hand (as those expressions are described above under Definition of electronic signatures).
The requirements in relation to advanced electronic signatures are fairly prescriptive. Member states must ensure that any advanced electronic signature which is based on a “qualified certificate” and created by a “secure signature-creation device”:
Satisfies the legal requirements of a signature in relation to data in electronic form in the same manner as a handwritten signature satisfies those requirements in relation to paper-based data.
Is admissible as evidence in legal proceedings (Article 5(1)).
A “qualified certificate” is an electronic record (usually kept by a certification authority) which links a signatory’s public key to the signatory and confirms the identity of the signatory, and which:
Is identified as a qualified certificate.
Identifies the certification authority and its place of establishment.
Contains the name of the signatory.
Allows for a specific attribute of the signatory to be included (for example, membership of a professional body).
Contains the public key which corresponds to the private key of the signatory.
Contains the period of validity of the certificate.
Has an identity code for the certificate.
Is signed by the certification authority’s advanced electronic signature.
May contain certain limitations on scope of its use or the value of transactions for which the certificate can be used.
A “secure signature-creation device” means any software or hardware which is used by a signatory in conjunction with the signatory’s private key to create an electronic signature and which ensures that:
The signatory’s private key can practically occur only once, and its secrecy is reasonably assured.
The private key cannot, with reasonable assurance, be derived, and the signature is protected against forgery using currently available technology.
The private key can be reliably protected by the legitimate signatory against use by others.
In relation to an ordinary electronic signature, however, the Directive merely requires member states to ensure that such a signature is not denied legal effectiveness and admissibility as evidence in legal proceedings solely on the grounds that it is:
In electronic form.
Not based upon a qualified certificate.
Not based upon a qualified certificate issued by an accredited certification service provider.
Not created by a secure signature-creation device (Article 5(2)).
With regard to the position in individual EU member states:
A digital signature is admissible as evidence in France if it is based on a reliable identification method which guarantees the link between the signature and its associated document.
In Germany, the admissibility of digital signatures in evidence is subject to the normal rules of the Code of Civil Procedure.
In Italy, an electronic document has the same legal authority as a written document and, when digitally signed, it has the same legal authority as a written and hand-signed document (Consolidated Text on Administrative Documentation (Decree No. 445 of 28 December 2000)). In addition, an agreement entered into by means of any electronic device, and signed by means of a digital signature, will have the same legal effect as a written and hand-signed agreement provided that a number of specific technical requirements are satisfied.
In Spain, under the Electronic Signatures Act 59/2003, a recognised advanced electronic signature (see Country Question 4) is admissible as evidence in legal proceedings provided that certain requirements are met. Other electronic signatures, although not entirely reliable, cannot be dismissed as evidence in a civil or criminal trial. It will be for a court to decide what weight is to be given to the evidence in the particular circumstances of each case.
A principle of free evaluation is applied in Sweden, which essentially means that any kind of evidence can be presented, and that evidence cannot be rejected solely on the ground that it is in electronic form.
In the UK, an electronic signature, or the certification by any person of such a signature, is admissible as evidence in relation to any question as to the authenticity or integrity of a particular electronic communication or particular electronic data (section 7(1), Electronic Communications Act 2000). It is for the courts to decide in each case whether an electronic signature has been correctly used and what weight should be attributed to it.
Outside the EU, the position in the countries surveyed is as follows:
In Australia, under the Electronic Transactions Act 1999 and the federal and state Evidence Acts, digital signatures are admissible as evidence in relation to issues such as the authenticity and integrity of communications or data, subject to the normal rules of evidence.
In Brazil, digital certificates that comply with the ICP-Brazil rules will be presumed valid for the purposes of establishing the authenticity, integrity and legal validity of electronic documents. Other certifications may be considered valid for the purposes of establishing the authenticity, integrity and legal validity of electronic documents if the certificate is deemed valid by the parties or accepted by the person to whom it is presented (Provisional Measure 2200/01).
It is likely that digital signatures will be admissible as evidence in Canada. The requirements for the authenticity and integrity of evidence do not differ substantially between paper-based and electronic environments. In addition, the Canada Evidence Act (R.S.1985 c.C-5) expressly provides that statements made under oath, declarations and witnessed signatures can be made in electronic form if the person, together with the person before whom the statement is made or who is witnessing the signature, uses a signature that meets the definition of “secure electronic signature” (as described under Definition of electronic signatures above). The Uniform Electronic Evidence Act (UEEA), a model law adopted by the Uniform Law Conference of Canada in August 1997 which sets out certain rules relating to the admissibility of documents, does not expressly provide for the admissibility of digital signatures.
The federal E-SIGN Act and UETA in the US provide that a signature, contract or other record may not be denied legal effect, validity or enforceability solely because it is in electronic form. Electronic signatures are therefore admissible in court as if they were handwritten signatures and may be used for any purpose.
See Country Question 5 for more detailed information on the rules relating to the admissibility of digital signatures as evidence in each of the countries surveyed, and Country Question 6 for information on the extent to which digital signatures are treated as legally equivalent to handwriting.
Where certification authorities perform the function of both trusted third party and certificate issuer in public key infrastructure systems (in which role they are known as “certification service providers”), there is potential for significant losses to be incurred by either the sender (that is, the signing party) or the recipient (that is, the party relying on the certificate) of communications signed using a certificated digital signature. For example, a party relying on the certificate may incur loss if it relies on a certificate issued by the certification service provider which should in fact have been revoked at the request of the signatory. A signatory may incur loss if a transaction cannot be concluded because the certification service provider has not made the signatory’s certificate available to the relying party upon request, or where a transaction is concluded erroneously in the name of the signatory (for example, because in the certificate issued by the certification service provider the identification details of the signatory have been matched with the public key of some other party).
As a result, regulators have attempted to both impose varying degrees of supervision on the activities of certification service providers and to establish statutory schemes of liability for the protection of users.
Supervision of the activities of certification service providers in the countries surveyed ranges from the imposition of mandatory registration, licensing and other requirements to systems of self-regulation or voluntary regulation. In some countries, there is no regulation of any kind.
Of the countries surveyed, among the strictest are Australia, Brazil, Italy and Spain. In Australia, the Gatekeeper accreditation scheme provides that all providers of certification services to government agencies must be accredited. In Brazil, Provisional Measure 2200/01 and resolutions issued by the Managing Committee of the Brazilian public key infrastructure contain the requirements to be met by organisations wishing to be recognised as certification authorities. In Italy, although the regulation of certification service providers has been relaxed (so that prior authorisation by the relevant authorities is no longer required for Italian and EU certificate providers), a special category of “voluntarily accredited” certification authorities requires authorisation. These authorities may operate in Italy as long as they meet certain requirements (for example, in terms of business form, level of capitalisation, the technical skills of their personnel, and the quality of their procedures and products). In Spain, certification authorities are not required to register with any public authority, but must keep a copy of their certification policy available. In addition, providers may choose to participate in a voluntary accreditation scheme approved by the Ministry of Justice.
In Germany, while there is no mandatory licensing or approval requirement for providers of certification services, providers are required to meet certain minimum standards (that is, relating to reliability, specialist knowledge and financial coverage) and to demonstrate to the Federal Regulation Office for Telecommunications and Postal Services that they are able to do so.
There are no mandatory registration or licensing requirements in the remaining countries surveyed, but in some cases there are other supervisory requirements or voluntary schemes, for example:
The Canadian government has actively encouraged industry-led accreditation of private-sector certification authorities.
In France, certification authorities may apply for accreditation, but are not obliged to do so.
No prior approval is required in Sweden, but notice must be given to the National Post and Telecommunications Authority in order to provide qualified certificates to the public.
In the UK, Part 1 of the Electronic Communications Act provides for approval of suppliers of "cryptography support services". However, this part of the Act has not yet been brought into force, as the UK government currently favours self-regulation.
In the US, certification authorities do not require government approval, but some states provide for voluntary registration.
For more detailed information on the registration, licensing and supervision of certification authorities in each of the countries surveyed, see Country Question 7.
In addition to licensing and supervision schemes, various industry standards for digital signatures and certification authority services have been developed in the jurisdictions surveyed and internationally. In terms of certificates used in public key infrastructures, the X.509 version 3 certificate format has become the de facto industry standard. In addition, the international standard ISO/IEC 17799 (a code of practice for information security management) provides valuable guidance on the security of certification products and activities, although it is not specific to certification services.
On 14 July 2003, the European Commission published a list of generally recognised standards that meet the requirements for secure electronic signature products as set out in the Electronic Signatures Directive (2003/511/EC). The standards listed are CWA 14167-1, CWA 14167-2 and CWA 14169.
For details of the various standards in each of the countries surveyed, see
There are specific laws dealing with the legal liability of certification service providers in the EU countries (based on the Electronic Signatures Directive (see below)), with the exception of France. In the remaining countries surveyed, the legal liability of certification service providers is determined under the general law (in Australia, the general law position is similar to the position in the EU under the Electronic Signatures Directive).
In the EU, the Electronic Signatures Directive contains provisions relating to the liability of certification service providers. Member states are required to ensure that, as a minimum, a certification service provider is liable for damage caused to any party who reasonably relies on a certificate issued by the provider:
As regards the accuracy of the information in the certificate;
For assurance that the party identified in the certificate is the holder of the private key corresponding to the public key identified in the certificate;
For assurance that the public key and the private key can be used in a complementary manner where the certification service provider has generated them both;
unless the certification service provider can prove that it has not acted negligently (Article 6).
Member states must also ensure that, as a minimum, a certification service provider is liable for damage caused to any person who relies on a certificate where the certification service provider has failed to revoke that certificate, unless the provider can prove that it has not acted negligently (Article 6(2)).
Certification service providers are permitted to specify limitations on the use of certificates and to place limits on the value of transactions for which certificates can be used, and will not be liable for damages arising from use which exceeds such limitations (Article 6(3) and (4)).
With regard to the position in individual EU member states:
In France, the Draft Bill on building confidence in the digital economy provides that certification authorities are presumed to be liable for damage to persons who have reasonably relied on certificates they have issued (particularly where damage occurs because the authority has omitted to register the revocation of a certificate), unless they can prove that they have not been negligent. However, certification authorities are not liable for damage caused by the use of a certificate beyond the limits set out for its use or in excess of the value of the transactions for which it may be used, provided that those limits have clearly been notified to users in the terms of the certificate.
In Germany, under section 11 of the Signature Act, a certification authority may be held liable for damage occurring to a third party who relied on:
the information contained in a qualified certificate;
a qualified time stamp; or
information regarding electronic signatures and its relation to a signatory as set out in section 5 of the Signature Act.
Certification authorities can be held liable for damages to persons relying on their certificated signatures unless they prove that such damages cannot be attributed to their negligence.
Certification authorities in Spain are liable for damage caused to users and third parties (section 22, Electronic Signatures Act 59/2003). In addition, certification authorities who have issued certificates in the form of recognised certificates must have a civil liability insurance policy covering damages up to EUR3,000,000 or, alternatively, lodge a bank guarantee for the same amount.
In Sweden, the liability regime for certification authorities broadly reflects the provisions of the Electronic Signatures Directive.
In the UK, liability is imposed on a certification service provider where a person relies on a qualified certificate issued or guaranteed by the provider for certain specified matters (including the accuracy of the information contained in it) and suffers loss as a result (Regulation 4, Electronic Signatures Regulations 2002). Liability is also imposed on the provider for loss suffered by a relying party as a result of non-revocation of the certificate. A statutory duty of care is created between the certification service provider and the relying party in respect of these matters, and the burden of proof is reversed: the provider will be liable unless it can prove that it was not negligent.
Outside the EU, the position in the countries surveyed is as follows:
In Australia, the position under the general law regarding the liability of certification authorities is similar to that in the EU under the Electronic Signatures Directive. In general, a certification authority will be liable in damages unless it can show that it was not negligent. Certification authorities may limit their liability in certain circumstances.
In Brazil, the Main Certification Authority and the other registration authorities will be liable to relying parties for damages they cause, unless there is evidence of fault on the part of the relying party (Resolutions 1, 7 and 8 of the Managing Committee of the Brazilian public key infrastructure). In addition, certification authorities will be subject to the Brazilian Consumer Protection Code, under which suppliers are strictly liable for defects and imperfections in services or products provided to consumers.
In Canada, there is currently no specific legislation dealing with the liability of certification authorities, although it is possible that an action in tort could be brought against a certification authority (no such claim has yet been made or considered by the Canadian courts).
In the US, the liability of a certification authority will be determined in the particular circumstances of each case. Certification authorities typically use contractual provisions in an attempt to limit liability.
For more detailed information regarding the liability of certification authorities in each of the countries surveyed, see Country Question 9.
Steve Holmes is a Senior Associate in the London office of Baker & McKenzie.