Why use Digital Signatures for Electronic Commerce?
Electronic commerce is seen by the European Commission and the UK government as one of the keys to the development of the region. In order for electronic commerce to flourish in a regional and global environment a suitable legal framework is necessary as the existing one does not satisfactorily meet the needs of an online community. Therefore the Commission is proposing certain changes to the law, which is already being consulted on in the UK as the avowed aim of the government is for the UK to be a leading country for electronic commerce in the Millennium. The legality of electronic contracts and other documents are not always clear so the proposed laws set out to give a consistent legal base to such documents. Part of this base is the recognition of electronic signatures, which can also provide secure communications, and the need to have properly established certification authorities. The UK government is also concerned about its security and other authorities obtaining access to the keys which make up electronic signatures in order to fight crime and protect national security. Unfortunately this conflicts with the needs of the electronic commerce community and there is currently major controversy around the issue. The proposed laws also deal with establishment and other matters. However, they do not deal with intellectual property rights, privacy, distance selling and other online issues which are being handled by other directives to provide a more complete electronic legal framework. This article concentrates on matters concerning electronic signatures.
This is a Commentary published on 30 June 1999.
Citation: Angel J, 'Why use Digital Signatures for Electronic Commerce?', Commentary 1999 (2) The Journal of Information, Law and Technology (JILT). <http://elj.warwick.ac.uk/jilt/99-2/angel.html>. New citation as at 1/1/04: <http://www2.warwick.ac.uk/fac/soc/law/elj/jilt/1999_2/angel/>
The European Commission's Communication 'A European Initiative in Electronic Commerce' (COM (97) 157 <http://www.cordis.lu/esprit/src/ecomcomx.htm>) sets out to describe electronic commerce. It considers it is about doing business electronically. It is based on the electronic processing and transmission of data, including text, sound and video. It encompasses many diverse activities including electronic bills of lading, commercial auctions, online sourcing, collaborative design and engineering, public procurement, direct consumer marketing, after sale service, electronic trading of goods and services, online delivery of digital content, electronic fund transfers and electronic share trading. It involves both products (for example consumer goods) and services (for example information services, computer programs); traditional activities (for example education) and new activities (for example virtual shopping malls).(COM (97) 157 para. 5)
Electronic commerce is not a new phenomenon. For many years companies have exchanged business data over a variety of communication networks but there is now accelerated expansion and radical changes, driven by the exponential growth of the Internet. Until recently no more than a business to business activity on closed proprietary networks often known as electronic data interchange (EDI), electronic commerce is now rapidly expanding into a complex web of commercial activities transacted on a global scale between an ever increasing number of participants, corporate and individual, known and unknown, on global open networks such as the Internet.(COM (97) 157 para. 6)
The Communication recognises that every form of trade needs trust and confidence between the participants. The ability to be sure who is your contracting partner, what is exactly agreed upon, what is the exact content of the transaction, when the transaction takes place, creates trust between the partners.
As we move towards the use of electronic forms of communication and documentation, this ability to trust must be maintained. Building such trust and confidence is indeed the prerequisite to win over businesses and consumers to electronic commerce. It implies the deployment of secure technologies such as digital signatures, digital certificates and secure electronic payment mechanisms, and of a predictable legal and institutional framework to support these technologies.
The European Commission recognises that Member States are approaching the issue of providing trust and confidence for electronic commerce in divergent ways which is likely to be ineffective given the transitory nature of electronic commerce. It also risks fragmenting the single market and thus inhibiting the development of electronic commerce in Europe.
The Communication recognises that a number of recently adopted Directives will support a consistent approach between Member States to different aspects of electronic commerce. However, a coherent regulatory framework for electronic commerce is necessary at a European level in order to create the right conditions for online businesses.
Secure technologies, such as digital signatures and digital certificates, go some way to meeting these challenges. Digital signatures enable the unambiguous confirmation of the identity of the sender and the authenticity and integrity of electronic documents. Unique to the sender and unique to the message sent, digital signatures are verifiable and non-repudiable. Similarly, the exchange of Internet certificates through an automatic 'digital handshake' between computers provides assurance that the parties are who they say they are and helps to assess whether the service provided and the goods or services delivered are genuine. (COM (97) 157 para. 36)
Copyright protection mechanisms also based on secure technologies such as cryptography and smart cards, help to ensure the protection of digital material and are a crucial factor in the emergence of a mass-market in electronic content. Also based on cryptographic methods, secure electronic payment mechanisms provide the final element of trust: the ability to pay and be paid. Such secure technologies are for the most part fully operational and commercially available today.
The Communication recognises that digital signatures will be the driving force behind the development of many new services which vary from certification (e.g. likely to identify with a public key) to fully fledged digital notary services (e.g. adding a time stamp to an electronic document, electronic archiving etc). These services are expected to play a dominant role in the Information Society, particularly in electronic commerce. However, the Communication concludes, the necessary regulatory and institutional framework supporting technologies is not yet complete, particularly in areas such as interoperability and mutual recognition across borders. (COM (97) 157 para. 36)
2.1. Digital Signatures Explained
Several different methods exist to sign documents electronically. These electronic signatures vary from very simple methods (e.g. inserting a scanned image of handwritten signature in a word processing document) to very advanced methods (e.g. using cryptography). The sub-set of electronic signatures based on public key cryptography, is often called digital signatures. The basic nature of digital signatures is that the author of an electronic document can sign his or her electronic document by using a secret cryptography key. This key must be kept private at all times by the user. The signature can only be verified with the associated public key of the author. This public key is widely known.
The idea behind this form of authentication is the confirmation of identity by proving the possession of a secret key. The author encrypts the message or a part of it with his or her secret key. The recipient of the message can check the identity of the author by decrypting the information with a public key of the presumed author. If the decryption is not successful, the recipient will not validate the message. This process of authentication relies on the public keys of the users that are accessible to all the communication partners and on a trusted relationship between the identity of the users and their public key.
Like the signature used on written documents today, digital signatures are now being used to identify authors of e-mail or other information objects of electronic data. Digital signatures can provide three important functions:
1. Authentication - to authenticate the identity of the person who signed the data so it is known who participated in the transaction.
2. Integrity - to protect the integrity of the data so it is possible to know the message read has not been changed, either accidentally or maliciously.
3. Non-repudiation - to allow it to be proved later who participated in a transaction so that it can not be denied who sent or received the data.
It should be noted that in order to create a signed message, it is not necessary to send the message itself in encrypted form. The digital signature can be appended to the message and can be verified irrespective of the form of the message itself.
Cryptography is a highly important instrument for achieving secure electronic commerce. There are a number of ways that cryptography can work in an electronic environment. The most popular method being used today is where the encoding and decoding of the message is performed by using two keys: (i) a public key which is publicly know and (ii) a secret key which is only known by the sender or the recipient or both. This cryptography technique is often known as 'public key encryption'. The public key can be used by anyone to encrypt a message. Only the owner of the secret key can decrypt it. Thus, if two parties want to send information to each other, they exchange their public keys. The public keys could also be retrieved from a database which is open to the public. When X sends to Y a message, X enciphers the message using the public key of Y. Only Y can decipher the message using his secret key.
The primary advantage of public key cryptography is increased security. The secret keys do not have to be transmitted or revealed to anyone. Another advantage of the system is that the public key and the secret key can both be used for encoding as well as for decoding. Their functions are interchangeable. This means that X can encode a message with his own secret key, which Y can decode by using the public key of X. On first sight, this seems a silly method, because everybody has access to the public key of X and can thus decrypt and read the message. This is, indeed, true. On the other hand, Y can be sure that the message can only originate from X, since he is the only one who knows the secret key. Without having contacted X before, Y can trust on the authenticity of a message. It is on this technology of sharing a public key that digital signatures are based. The key pair can be generated by the user himself by running specific cryptography software. Even the recent versions of the most popular Internet communication software such as MS Internet Explorer and NetScape Communicator, allow the user to create his own key pair.
Temporarily, secret keys are being stored on the hard disc of the user's computer. The user gains access to the secret key by entering a password or pass phrase. This type of storage, however, has the disadvantage of non-mobility. The user always needs his own computer in order to put his digital signature on an electronic file. Therefore, the storage of the secret key on a removable carrier, such as a smart card, is getting more popular. The user simply inserts his smart card into a reader by which he can sign digitally.
Once a person has generated or received his public and private key, it is extremely important to keep the secret key free from access by others. If someone gains access to the secret key, that person will be able to counterfeit the key and, thus, to create digital signatures. Protection of the secret key is, however, for the user a local matter under his control or the control of a responsible site security officer. Every person bears responsibility for his own signature and should protect it from loss, theft or illegal use. Neither should the user forward his secret key to other people such as his secretary or colleague.
The user needs the public key of his partner in order to check the authenticity of his digital signature. His public key can be delivered by the partner himself but can also be retrieved from a data base which is publicly accessible. Normally, the communication software of the user will automatically check the digital signature by retrieving previously stored public keys or accessing the relevant public database.
The authentication procedure is based on the presumption that the public key really belongs to the signer. This presumption is, however, not self evident. The risk exists that somebody creates a key pair, places the public key in a public directory under somebody else's name and thus signs electronic messages in the name of somebody else. Furthermore, a public and private key pair has no inherited association with any identity, it is simply a pair of numbers. Therefore, the assurance should exist that the public key really belongs to the claimed identity. The answer is to rely on third parties to certify public keys. A third party can guarantee the relationship between the identity and the public key. This association is achieved in a certificate that binds the public key to an identity. These third parties are known as 'Certification Authorities' (CAs) and must be accepted by all users as impartial and a 'Trusted Third Party' (TTP). In addition, the process of key certification must be full proof and should be afforded the highest level of security. The act of using a registered digital signature to sign an electronic message becomes very similar to appearing in front of a notary public to manually sign a paper.
The CA can check the identity of the user by for example passing out the certificates after a simple e-mail address check. This type of assurance is minimal, and only good for establishing a consistent presence, not for guaranteeing someone is a real person. Other certificates could be issued after receiving third party proofing of name, address and other personal information provided in the online registration. Usually this would be a check on some consumer databases.
The best identification is, of course, the personal appearance. CAs could require someone to personally take their application to a notary, who will check identification before endorsing it. This adds an additional layer of credibility to the certificate.
Digital certificates could contain every type of information necessary to identify the creator of the digital signature. Usually they contain the owner's public key, the owner's name, the expiration date of the certificate, the name of the Certification Authority that issued the digital certificate, a serial number and perhaps some other information. CAs signs information and thereby adds credibility to the certificate. People who receive the certificate check the signature and will believe the attribute information/public key binding if they trust that certifying authority. In order to allow an automated checking of the certificates it is important that the certificates are built up in the same form. It is therefore necessary that standards are being followed, describing the elements that the certificate should contain.
Many cases could exist where the certificate of somebody should not be used or trusted any more, such as an employee who leaves the company, someone's computer or smart card containing the secret key is stolen. When a certificate becomes compromised, there must be a way to call up the Certification Authority and request that the certificate is disallowed. The most common way of making the revocation public is to put it in a database, called a 'Certificate Revocation List' or CRL. The CRL can be accessed by the public to check if the certificate of a user is still valid. A Certification Authority thus must maintain two databases, a complete list of certificates and a list of revoked certificates.
Why should the user trust the CA of the other party? There is a need for both parties who use different CAs to trust each other's authority. One way to achieve this confidence is by cross-certification. This means that both CAs certify each other's public key. Another solution could be that the two CAs are certified by a third CA, functioning as a top CA. In this hierarchical CA structure each CA only needs to be certified once in order to gain trust. At the moment, most practising CAs however, are certifying themselves by simply signing their own public key and posting the certificate on their own web sites. This self certification is possible because the CAs rely on their trust gained from other activities, such as postal services or banking activities. In order to assess the level of trust that may be put into a CA, the CA should also provide a combination of technology (such as security protocols and standards, securing messaging and cryptography), infrastructure (including secure facilities, customer support and redundant systems), and practices - a defined model of trust and legally binding framework for subscriber activities and disputes. In short, a CA should be a trusted on-line service operating 24 hours a day, seven days a week on a global basis.
The concept signature has a long tradition and is normally easy to describe. It gives basic mechanisms for secure traditional information management. A hand written signature is physically tied to a carrier (the sheet of paper) which gives border lines and structure to the information in an immediately readable format. This 'lock' for the information, provided by the carrier and the signature representing the issuer's unique patterns of handwriting, gives the reader reasons to believe that the object originates from the individual who is seen to be the originator and the identity tribute is inherent, not given to the signatory.
Digital signatures are not immediately readable and the signature, the carrier and the signed object are not physically related to each other in the same locked and durable form. A manipulation of the data normally leaves no such traces as a manipulation in the traditional environment and portions of a signed information object may be stored on different locations for example a hard disc. The visual aspect of a traditional example is replaced by technical verification of a signed information object, stored in a computer readable format and logically tied to the signature. As the digital attribute making the signature unique for the individual is assigned, not an inherent characteristic of the signatory, the signature process may be performed by any one who has access to the secret and the procedures.
The hand written signature furnishes the information with a physically unique sign of authenticity - it is an original example. Such signed objects may be in a person's possession and can thus be a carrier of authority (e.g. power of attorney) or a certain right (e.g. bills of lading and other negotiable instruments). However, the unique aspect of a digital signed object has to be related to a pattern of data, which may easily be copied and the duplicate will have exactly the same qualities as the 'template'. Consequently, unique existence of IT material is built upon the storing and transmittal of original contents and certain IT applications such as shipping documents demands some sort of registration.
The management of traditionally signed objects may in name be replaced by digital equivalents. By making use of security techniques, such as digital signatures, the authenticity of the information can be maintained. The need for protection of such objects is already carefully considered in the traditional environment. An examination of electronic commerce, electronic handling of cases by administrative agencies and similar routines shows the same need for protection in the IT environment. However, the changes relate to the transition from original examples to original context has to be noticed where appropriate. Consequently, current issues are in principle traditional matters of legal protection and security which give basic mechanisms for the information management. Instead of creating a complete new legal framework, existing achievements should be advised, as far as they are compatible with IT.
Currently Member States and trading partners are looking into the need to adapt or are already amending national law and regulation in order to provide legal validity to enable business and citizens to use digital signatures without technical or legal risk. The Communication states that a wide range of regulations at national level could, however, inhibit the establishment of service providers across both frontiers. These include differing professional requirements, differing prudential and supervisory systems, and notificational licensing arrangements (e.g. for regulated professions or financial services). (COM (97) 157 para. 40)
The legal issues regarding the use of digital signatures arise in a number of areas. Most Member States have not adapted their national legislation to the new techniques of document management. Laws of evidence as well as sectoral legislation impose explicitly or implicitly the need for penned signatures on paper documents. Consequently, the uncertainty concerning the legal status of digitally signed electronic documents contain the development of electronic commerce in Europe.
The provision of trusted services is a completely new service sector. This sector is still in its infancy, but interested market players are positioning and preparing themselves. From a legal point of view it is important to distinguish clearly between on the one hand the procedures and conditions governing the establishment of a CA and the other hand the conditions imposed on the different services provided by a CA. Different Treaty Articles (52 and 59) apply to each of these situations.
The establishment of a provider of certification services is subject to the law of the Member State concerned. Some Member States intend to impose specific establishment requirements and authorisation procedures on CAs. Others only require compliance with general provisions in the law concerning the establishment of a company. Some Member States may have voluntary authorisation schemes whereas others may impose mandatory licensing. Restrictive practices with regard the establishment of a CA could undermine the freedom of establishment, for example by discriminating without justification on the basis of nationality or by restricting, again without justification, the number of service providers.
In order to ensure reliable use and legal validity, and to combat fraud and misuse, digital signatures require adequate products, key generation, key storage, certificate storage and retrieval, signature generation and verification. Currently national, as well as European Community rulings, may hinder a free circulation of these products. For example, in some countries the use or export of encryption techniques is restricted. (Dual Use Regulation (DUR))
Following publication of the Communication and as a result of consultation with a number of interested parties including an international hearing in Copenhagen on 23 and 24 April 1998 the Commission came to the following conclusions:
1. The increasing legislative activity in the cryptography area in many Member States emphasised the urgent need for a harmonised legal framework at the European level so as to avoid the development of serious obstacles to the functioning of the internal market.
2. While there is much interest in use of public key encryption, a Directive at European level should be technology neutral and should not focus only on these kinds of signatures. The Commission envisages that a variety of authentication mechanisms will develop and that any directive should be broad enough to cover a spectrum of 'electronic signatures' which would include digital signatures based on public key encryption.
4. Electronic signatures used with enclosed user groups, for example where contractual relationships already exist, should not automatically fall within the scope of the Directive. Contractual freedom should prevail in such a context.
5. Ensuring legal recognition, in particular cross borders, of electronic signatures and of certification services should be regarded as the most important issue in the area. This would involve clarifying the essential requirements for certification service providers, including their liability.
6. Industry is supposed to take the lead with standardisation bodies in developing internationally agreed standards for electronic signatures. These standards should focus on establishing an open environment for interoperable products and services. The role of the European Commission should be to support this process.
7. At the international level, many activities and discussions were under way. These ongoing developments should be taken into account in the implementation of a legal framework at the European level.
As a result of these conclusions the Commission published a new Directive on a common framework for electronic signatures on 13 May 1998. (COM (1998) 297 final)
One of the principal objectives of the draft Directive is to remove obstacles arising from the diverging laws being introduced in various Member States. The Directive is aimed at 'enabling' the use of electronic signatures within the European Union by focusing on the essential requirements for certification services and leaves detailed implementation provisions to Member States. This is consistent with the Commission's legislative policy with regard to subsidiarity, proportionality and legislative simplification.
The detailed provisions of the Directive implement the overall objectives. Article 2.1 provides a definition of an 'electronic signature' as a signature in digital form, in, or attached to or logically associated with, data used by signatory to indicate that signatories approval of the content of that data and which meets the following requirements:
(a) is uniquely linked to the signatory
(b) is capable of identifying the signatory
(c) is created using means that the signatory can maintain under his sole control; and
(d) is linked to the data to which it relates in such a manner that it is revealed if the data is subsequently altered.
This definition seems to meet future technological developments without restricting the definition to public key cryptography.
Article 5.1 ensures that an electronic signature is not denied legal effect by a Member State in relation to its validity and enforceability solely on the grounds that the signature is in electronic form, is not based on a qualified certificate or that the certificate is not issued by an 'accredited certification service provider'.
Article 5.2 goes further and requires Member States to ensure that electronic signatures satisfy the legal requirements of handwritten signatures and are admissible in evidence before a court if:
(i) they are based on qualified certificates which meet the requirements set out in Annex 1; and
(ii) the certificates are issued by a certification service provider who meets the requirements set out in Annex 2 to the draft Directive.
The position of CAs is set out in Article 3. Firstly, no Member State can require the compulsory prior authorisation of certification service providers. Certification service provider is defined under Article 2.6 as 'a person or entity which issues certificates or provides other services related to electronic signatures related to the public'. However, under Article 3.2 Member States may encourage voluntary accreditation schemes provided the conditions upon which they are based are objective, transparent, proportionate and non-discriminatory. In practice, such accreditation will be evidenced by the compliance with Annex 2 to the draft Directive. Annex 2 requires certification service providers to:
1. Demonstrate the reliability necessary for offering certification services;
2. Offer a prompt and secure revocation service;
3. Verify by appropriate means the identity and capacity to act of the person to which a qualified certificate is issued;
4. To employ experts in the technical and management processes so that they are adequate and correspond to recognised standards. Under Article 3.3 the Commission may recognise standards as meeting this fourth requirement;
5. Use trustworthy systems and electronic signature products which are adequate for the job and which ensure the technical and cryptographic security of the certification processes supported by the products;
6. Take measures against forgery of certificates and guarantee confidentiality during the process of generating private cryptographic signature keys if relevant;
7. Be sufficiently financially secure to provide the services and to bear the legal risk of liability for damages;
8. Maintain a proper record keeping system for qualified certificates electronically and in particular for legal proceedings;
9. Not to store or copy private cryptographic signature keys of a person for whom the certification service provides office key management services unless that persons explicitly asks for it;
10. Inform consumers of the precise terms and conditions for the use of the certificate including any limitations on liability, the existence of voluntary accreditation and the procedures for complaints and dispute settlement for entering into a contractual relationship in writing using readily understandable language and a durable means of communication.
Finally in relation to the accreditation and CAs, Member States may impose additional requirements for use of signatures in the public sector.
Article 4 ensures that there is a free circulation of electronic signature products in the European Union and that there are no restrictions on the services originating in any Member State if they comply with the Directive. In addition under Article 7 foreign certificates may be recognised if the certification service provided is accredited in a Member State, or a provider established in the European Union and meeting Annex 2 requirements guarantees the foreign certificate or the certificate or the provider is recognised under a bi-lateral or multi-lateral agreement between the European Union and the third country or international organisation.
The certification service provider will issue 'qualified certificates' which are digital attestations which link the signature verification device to a person, confirms the identity of that person and meets the requirements laid down in Annex 1. Under Annex 1 qualified certificates must contain:
1. The identification of the certification service provider;
2. The unmistakable name of the holder or an unmistakable pseudonym which shall be identified as such;
3. A specific attribute of the holder such as the address, the authority to act on behalf of the company, credit worthiness, VAT or other tax registration numbers etc;
4. A signature verification device which corresponds to a signature creation device under the control of the holder;
5. Beginning and end of the operational period of the certificate;
6. A unique identity code of the certificate;
7. The electronic signature of the certification service provider issuing it;
8. Limitation on the scope of the use of the certificate, if applicable;
9. Limitations on the certification service providers liability and on the value of transactions for which a certificate is valid, if applicable.
These details of the qualified certificate link with the ability of the certification service provider to limit under Article 6 its liability. However, firstly it would be up to Member States to ensure that by issuing a qualified certificate, a certification service provider is liable to any person who reasonably relies on the certificate for:
(i) the accuracy of all the information in the qualified certificate as at the date it was issued, unless the certification service provider has stated otherwise in the certificate;
(ii) compliance with all the requirements of this Directive in issuing the qualifying certificate as described above;
(iii) the assurance that the holder identified in the qualified certificate held, at the time of the issuing of the certificate, the signature creation device corresponding to the signature verification device given or identified in the certificate;
(iv) in cases where the certification service provider generates the signature creation device and the signature verification device, assurance that the two devices function together in a complementary manner.
Provided these matters have been complied with then Member States can ensure that a certification service provider is not liable for errors in the information in the qualified certificate that has been provided by the person to whom the certificate is issued, if it can demonstrate that it has taken all reasonably practical measures to verify that information. The certification service provider may indicate in the qualifying certificate limits on the uses of a certain certificate and the provider shall not be liable for damages arising from a contrary use of the qualified certificate which includes limits on its uses. Providers may also indicate in the qualified certificate a limit on the value of the transactions for which the certificate is valid and the provider will not be liable for damages in excess of that value limit.
One final point about the draft Directive relates to data protection. The Directive reiterates that certification service providers are subject to the provisions of the Data Protection Directive.(< http://www2.echo.lu/legal/en/dataprot/directiv/directiv.html>) However under Article 8 Member States are required to ensure that certification service providers collate personal data only directly from data subjects and only in so far as it is necessary for the purposes of issuing a certificate. The data may not be collected or processed for other purposes without the consent of the data subject. Also under this Article the data subject at his or her request can require the certification service provider to indicate a pseudonym instead of the signatories' name in the certificate. Obviously this could cause problems in relation to investigations by public authorities for the investigation of criminal offences. Here a certification authority would be entitled to transfer the real name of the data subject as part of an investigation provided that the data subject is informed as soon as possible after the investigation has been completed.
On 27 April 1998 the DTI published a statement on 'Secure Electronic Commerce'. Although this was published before the publication of the draft Directive, it is clear that the DTI was aware of the European Commission's proposals. This statement outlined at the time the British Government's proposals for legislation which was also seen as part of a wider legal framework for electronic commerce. The Government saw this in terms of introducing legislation to licenced bodies providing cryptography services. Principally these were 'Trusted Third Parties' (the generic term for bodies that provide one or a variety of cryptography services to their clients), Certification Authorities (bodies which mainly issue certificates for electronic signatures) and Key Recovery Agents (responsible for facilitating the 'recovery' of encrypted data). Following from the Directive, these licensing arrangements are to be voluntary. The aim was to ensure that licenced CAs are in a position to offer certificates to support electronic signatures reliable enough to be recognised as equivalent to written signatures which was seen to be an essential ingredient for secure electronic commerce.
Organisations facilitating encryption services were to be encouraged to seek licences, particularly in relation to key recovery or providing key management services for confidentiality. This was seen as particularly important where organisations recognised the necessity of being able to recover critical data, which their staff may have encrypted or the text of the messages they had sent to clients, where permanent loss of an encryption key, because perhaps an employee has left, could be very damaging. So far these measures were all about implementing the Directive.
However, the Government was concerned about the risk that criminals and terrorists would exploit strong encryption techniques to protect their own activities by detection by law enforcement agencies. The Government was also worried that such agencies would be prevented from understanding the electronic data seized as a result of the search warrants or communications intercepted under a warrant issued by the Secretary of State. This was regarded as having particularly serious implications for the fight against serious crime and terrorism. The Government provided examples that during 1996 and 1997, lawful interception of communications played a part, often a crucial part, in operations by police and HM Customs which led to 1,200 arrests, the seizure of nearly 3 tons of class A drugs and 112 tons of other drugs, with a combined street value of over GBP 600 million. It also resulted in the seizure of over GBP 700 million in cash and property and the seizure of over 450 fire arms.
In response to these concerns, the Government stated that it intended to introduce legislation which would enable law enforcement agencies to obtain a warrant for lawful access to information necessary to decrypt the content of communications or stored data. This did not include cryptographic keys used solely for digital signature purposes. The new power was to apply to those holding such information, whether licensed or not and to users of encryption products. These powers would only be exercisable when appropriate authority had been obtained, for example a judicial warranty for the purpose of a criminal investigation or in the case of interception of communications a warranty issued by the Secretary of State, and would be subject to strict controls and safeguards. The purpose of the proposed powers, the Government stated, was solely to maintain the effectiveness of existing legislation in response to new technological developments. The powers would only apply to information which itself has been, or was being, obtained under lawful authority.
The difficulty with these considerations is that any criminal who really wishes to avoid discovery will simply not use encryption if they feel the access to their data or keys will be mandatory. At the same time it is difficult to imagine somebody who wishes to use encryption as a means of criminal activity complying with any legal requirements for the escrowing of keys. Moreover at an inter-governmental level and within global work carried out by the Organisation for Economic Cooperation and Development (OECD) and the United Nations Commission on International Trade Law (UNCITRAL) it has been generally accepted that the heavy hand of regulation on e-commerce will stifle its growth.
The Government's April Statement had been widely criticised by industry and consumer associations because of its perceived emphasis on Home Office security interests rather than the promotion of e-commerce and protection of personal privacy. In the 1998 Queen's speech to Parliament an Electronic Commerce Bill had been announced and the long expected consultation process started on 5 March 1999 with the publication of a consultative document by the DTI (the 'Consultative Document'). The delays had been caused by competing views of different government departments. On the one hand the DTI had stated that it wished to apply the 'light touch of regulation' to make digital signatures valid and to provide a regulatory infrastructure for CAs. On the other hand, the Home Office sort to control the use of strong encryption within a public key infrastructure and to impose escrow and access provisions to the algorithms and keys used in creating digitally ensure and secured transmissions.
The consultation process started with a certain amount of confusion. Not surprisingly the Home Office requirements were basically retained in relation to a 'voluntary' system. This had again proved very controversial and on the Consultative Document's publication the Government appeared to back down from the position in the Document of regulating key escrow. In addition to the pressure from industry both France and the US had just announced they were abandoning the idea of introducing similar laws because they regarded them as unworkable. This appeared to have led to last minute rethink by the Government who invited responses to the Consultative Document to suggest alternative solutions to satisfy the security forces requirements. (Ayres C 1999) However, this was within the context of a very short consultation period, namely four weeks.
The Document explained the Government's proposals for legislation to promote electronic commerce, to start updating the law to reflect what is technologically possible and to ensure that the powers of law enforcement agencies are not undermined by the increasingly widespread ability to encrypt electronic information. The policy is based on the following principles:
Following its April 1997 policy statement on electronic commerce the EC issued 'a proposal for a Directive on certain legal aspects of electronic commerce in the internal market' to remove legal barriers to electronic commerce. Its key objective was to ensure the freedom to provide services by addressing areas considered to be hindering the development of electronic commerce in the single market. It focused on creating a framework within which European business would have the legal certainty needed to take full advantage of the opportunities offered by electronic commerce.
The Electronic Commerce Directive, therefore, is intended to complement, not overlap with, other Directives, such as that on electronic signatures. The main areas it addresses are:
The wider context of the European debate has meant that the Consultation Document also considered the issues in relation to electronic signatures in this wider context as will be appreciated from the discussion of the proposals which follows.
One of the most important ways of promoting the development of electronic commerce is by ensuring that, as far as possible, the law does not discriminate between traditional and electronic ways of doing business, i.e. that the law should be 'technology neutral' in its application. At present, there are circumstances where there is doubt about whether a requirement in law for a signature can be met legally using an electronic signature. The position on requirements for information to be 'written' or 'in writing' is clearer - such a requirement cannot, at present, be met using electronic means. It is unusual for legislation to include a definition of 'writing' that is capable of extending to digital information. Moreover the Interpretation Act definition of 'writing', by placing emphasis on visibility, rules out electronic 'writing', which is, in essence, a series of electronic impulses.
The Government therefore intends to take measures to ensure that electronic signatures can have the same legal affect as written signatures and has made certain proposals by which it could be achieved.
The Government had already set out its intention that licensed Certification Authorities, conforming to the procedural and technical standards which such licensing would confer, would be in a position to offer certificates to support electronic signatures reliable enough to be recognised as equivalent to written signatures. This would be done by creating, in statute, a rebuttable presumption that an electronic signature, meeting certain conditions, correctly identifies the signatory it purports to identify; and, where it purports to guarantee that the accompanying data had not been altered since signature, that it had not. The exact specification of these conditions had not yet been finalised at the time of publication of the Consultative Document, but they would need to be compatible with what is eventually agreed at EU level, where the present draft requirements for an 'advanced electronic signature' (i.e. one which has equivalence to a hand-written one) would be that:
it is uniquely linked to the signatory;
it is capable of identifying the signatory;
it is created using means that the signatory can maintain under his sole control, and;
it is linked to the data to which it relates in such a manner that any subsequent alteration of the data is revealed.
The licensing regime would be set up in such a way that an electronic signature, backed up by a certificate from a licensed Certification Authority, would automatically satisfy the conditions necessary to be regarded as legally equivalent to a hand-written signature. In other words in the event of a dispute involving an electronic signature issued by a licensed Certification Authority, there should, in the absence of evidence as to deficiencies in the system, be no need to prove compliance with technical requirements because they would already have been investigated by the licensing authority. The intention of this would be to give parties relying on an electronic signature, backed by a certificate from a licensed Certification Authority and using an 'approved' signature creation device, a high degree of confidence that the signature is what it claims to be. Such a degree of legal recognition would also apply where a 'qualified certificate' would used to back up an electronic signature created by an approved signature creation device. This would apply equally to electronic signatures generated in the UK or in other EU Member States.
The Government's stated intention is not to deny legal recognition to electronic signatures which are not backed by certificates from licensed Certification Authorities, but parties relying on them may be taking on a higher level of risk. Such a signature, which can still be shown to meet the conditions laid down in the legislation, would not be excluded from legal recognition. Moreover, the legislation would specifically ensure that any electronic signature (regardless of who the Certification Authority was, or even if there was no Certification Authority, and regardless of what type of signature creation device was used) was capable of being given legal effect and could be submitted in evidence. However, it would be for businesses and individuals to decide for themselves whether to trust such signatures and bear the extra risk, which might arise in the event of a contractual dispute. In the event of a dispute, a party relying on such a signature might have to prove (in Court) that the standards and procedures employed were as reliable, perhaps even equivalent, to those that would be required of a licensed Certification Authority.
The Government also stated it had no intention of disturbing the existing use of electronic messages between parties, usually within closed user groups, for doing business. Such arrangements, including the use of EDI (Electronic Data Interchange), had been in existence for many years in industry for messaging, invoicing and ordering goods.
In addition to providing for the legal recognition of electronic signatures and writing, the Government believed that it needs to do more to promote electronic commerce. Electronic signatures can be used to ensure the integrity of information and to verify the author of the information. Another concern, particularly for those using open networks such as the internet, was confidentiality (keeping electronically transmitted information secret). But such technologies are complicated, and unfamiliar to many people. The Government had an important role in ensuring that users can trust both the technologies that allow such security and the commercial organisations providing it. Hence the introduction of voluntary licensing arrangements for bodies offering cryptographic services to the public, to generate confidence and thereby promote the market by ensuring that minimum standards of quality and service were met. The Government believed that users would require a high level of trust before the use of such services became widespread, especially for 'open' transactions. The level of trust required was, perhaps, similar to that required of a bank, or of a solicitor. These well-established services were trusted both because they were regulated and also because of the familiarity that had grown through a history of being able to rely on such services. Building such trust, virtually overnight, in the electronic world would not be easy. The Government recognised, however, that electronic signatures and encryption would also be provided in 'closed' environments where trust already existed between the counterparties and 'trust' in the provider may be less important. This is why the Government had opted for a voluntary but statutory regime.
It can be seen that the Government sees a clear policy differentiation between electronic signatures and encryption. The main differences in policy for signatures and encryption was seen as follows:
Licensed Certification Authorities would not be allowed to store the private key of a key pair that is issued solely for electronic signature purposes. The responsibility for protecting a private signature key would therefore fall unambiguously on its owner. This would encourage confidence in electronic signatures, by helping to prevent repudiation.
There would be no access by law enforcement agencies to private signature keys (wherever they were held), unless such keys had been used to encrypt information for confidentiality purposes.
The licensing criteria (similar to Annex I above) would clearly distinguish between providers of signature services, and providers of confidentiality services.
Organisations offering confidentiality, or encryption, services (e.g. key management services) where cryptography was used to protect the content of stored or transmitted data would also be encouraged by the Government to apply for licences. Businesses were increasingly recognising the importance of being able to recover critical data, which staff may have encrypted, or the text of messages they have sent to clients. The loss of an encryption key, whether through negligence, or because an employee had left etc., could be very damaging. Providers of confidentiality services were, therefore, encouraged to make the recovery of keys (or other information protecting the secrecy of the information) possible through suitable storage arrangements, or by means of key encapsulation products.
The widespread deployment of such technologies would also help law enforcement, by allowing law enforcement agencies to recover encryption keys under strictly regulated procedures. The Government is well aware of the controversy, both in the UK and abroad, over the degree to which Governments should encourage, or even mandate, the use of such key escrow and key recovery technologies. Given the differing views on the practicability, cost and desirability of this, the Government decided to consult on the basis that neither key escrow nor third party key recovery would be requirements of having a licence for confidentiality services. Users of confidentiality services would be free to decide for themselves whether to use such services. There would be no requirement for users of encryption to store keys, but those who do not make some arrangements could risk the loss of data in the event of losing their confidentiality key.
The voluntary licensing regime would also cover Key Recovery Agents.
Given the range of services that may be covered by the licensing regime, the question arises of how to avoid confusion when an organisation wishes to offer services both within and outside the licensing regime. One option would be to require that a body holding a licence for any cryptographic service covered by the licensing regime would be expected to be licensed for any other cryptographic services which it decided to offer. Such an approach might prove to be inflexible given the rapid development of electronic commerce, by stifling innovation and the development of new value added services. Some have argued that it would be against the spirit of a voluntary licensing regime. The Government considered it important, however, to avoid sending confused messages to consumers about the quality of a particular cryptographic service.
The Government was not clear on how best to distinguish between the provision of licensed and unlicensed services in order to protect the consumer and invited comment. Clearly the Government is trying to make its interception powers more palatable in order to appease its critics. However, trying to distinguish confidential services from non-confidential ones is likely to be confusing and unworkable because the services are likely to be overlapping in many cases and indistinguishable. Therefore in practice most services would be designated confidential.
The Government intended that the power to issue and modify licences and monitor compliance against the licensing conditions would be conferred on the Secretary of State for Trade and Industry. The DTI would have the power to delegate some of these powers to another body, who would have the powers to contract out some of its functions if necessary.
The Governments stated key objective in setting up the voluntary licensing regime was to promote confidence among consumers that licensed bodies could be trusted. The licensing framework therefore needed to be rigorous, impartial and trusted by all sectors of industry. The Government had decided that they were likely to designate OFTEL as the initial licensing authority. Both the DTI and OFTEL would work very closely with industry in developing the standards to be met by licensed bodies, but the aim of promoting consumer confidence would best be achieved by making a statutory body responsible for initial assessment and enforcement of compliance with those standards. Indeed, OFTEL was also likely to contract out some of its functions as the licensing authority to industry. The Government did not rule out delegation of some or all of the licensing functions to an industry body in future.
OFTEL jumped the gun and published a memo two days earlier than the Consultative Document's own publication on its potential new role as the Licencing Authority. (OFTEL 1999) Basically OFTEL accepted its possible new role and provided a rationale for this.
Liability in the world of electronic commerce is complex and the Government recognised the need to balance the interests of the various parties who might be involved, either directly and indirectly, in a particular transaction. Applying the principle that policy should be technology neutral, liability in the electronic world should, as far as possible, match that in the traditional world. However, given that there were no direct analogues of cryptography services in the world of pen and paper transactions some special rules might be needed. The Government sought views on liability and whether any limits should only be applied to licensed CAs. The Government's view was that there should be no limits for unlicensed providers. However, they have taken a different approach for licensed providers.
The Government argument is as follows. The aim of the licensing regime is to generate confidence in licensed providers. The public would need to be assured that a service, by virtue of being licensed, was high quality. There was a clear need to balance the competing demands of:
Not surprisingly the Government's initial view was that these competing demands could be reconciled by imposing a limit on liability but which could not be decreased by contractual terms, on licensed service providers. This would, in effect, encourage CAs to apply for licences and thereby become subject to regulation. Different limits would probably be set for different services. The consumer would be protected by knowing that a licensed provider was taking on a certain level of liability (of course, licensed providers would be free to offer higher levels). The provider's interests would also be protected by having a cap on their liability (which they could choose to increase, if that was in their commercial interests).
The Government was keen to have views on this how the limits should be set. Also should a specific 'duty of care' be imposed on holders of private signature keys (e.g. to keep their private key secure, to notify a Certification Authority within so many hours of realising it has been compromised etc.)? And were there any other liability issues concerning cryptography services which need to be addressed in legislation?
The Government finally justified its requirements to access encryption keys in order to be able to combat criminal activities with similar arguments to those outlined in the April 1998 document. It quoted the Director of the FBI
'...the encryption issue is one of the most important issues confronting law enforcement and potentially has catastrophic implications for our ability to combat every threat to national security...Law enforcement remains in unanimous agreement that the widespread use of robust non-recovery encryption will ultimately devastate our ability to fight crime and terrorism...'.
It also sought to justify its position by trying to dispel what it described as the following myths:
The Consultative Document then goes on to describe the powers required to intercept the relevant communications and how it is proposed this would be achieved (mainly through existing legislation (e.g. Interception of Communications Act 1985) and the safeguards to be provided.
After the short consultation period an Electronic Commerce Bill has been promised during this session of Parliament, presumably after the relevant EU Directives have been adopted. The relative speed is to ensure that the UK is in leading position as far as electronic commerce is concerned. The problem is that the so called voluntary licensing regime may deter legitimate business and consumers from using electronic commerce which would have the opposite effect to that apparently desired by the Government. We must wait and see whether the consultation process and the controversy surrounding it results in a change of position.
'Communication from the EC on Ensuring Security and Trust in Electronic Communications' COM 503.
'A European Initiative in Electronic Commerce' COM (97) 157 <http://www.cordis.lu/esprit/src/ecomcomx.htm>
1. They include the recently adopted Directives on data protection, on the legal protection of databases and on contracts negotiated at a distance; and the proposed revision of the Television Without Frontiers Directive. In addition, a number of consultational policy documents have been issued to stimulate debates on various policy areas, including the legal protection of encrypted services, copyright and related rights, industrial property, commercial communications, private procurement and the protection of minors and human dignity in audio visual and information services.
2. The following four sections are based on research undertaken by the Information Technology Unit of the Centre for Commercial Law Studies, Queen Mary & Westfield College, University of London. <http://www.ccls.edu/itlaw/index.html>
3. This is how Verisign works. It could also be possible to meet personally with a representative of the Certification Authority.
4. This is how Thawte works. Most Certification Authorities offer a range of certificates, graded according to the level of investigation used to confirm the identity of the subject of the certificate.
5. The emerging certificate standard is the X.509 certificate format which has been around since 1988. Version 3 was approved in 1997 and is currently being implemented in most applications.
6. Hierarchies are, however not the only solution. There exist cryptography solutions which are making use of a so called 'web of trust'. Your key might be signed by people who are trusting you, such as friends, families and colleagues. People who will want to verify the signature might know someone from this group and have a copy of his public key. It is self evident though that existing webs of trust are too small to offer a practical solution for electronic commerce.
7. Contrast the risk of double spending of electronic money.
8. The United Nations Commission on International Trade Law (UNCITRAL) has adopted a model law on electronic commerce and has initiated subsequent work aimed at the preparation of uniform rules on digital signatures. The Organisation of Economic Cooperation and Development (OECD) has also work under way in this area, following upon its 1997 Guidelines for Cryptography Policy. Other international organisations, including the World Trade Organisation (WTO) has also become involved in related issues.
9. PN/98/320. Note the government intends to issue a policy statement later this year on electronic commerce.
12. Certification Authority (CA) is used to encompass a number of potential services. It is likely that additional 'value added' services will also be provided (see below). Certification Authority services include:
Registration: The function of verifying the credentials of someone who, for whatever purpose, applies for a public key certificate. This will, inter-alia, include checking the identity, or other attributes, of the person applying for the certificate.
Certification: The function of issuing a certificate (perhaps as part of the registration process) which asserts that the public key belongs to the named holder.
Key Generation: Key generation is a critical part of the process whereby the key pair (both public and private) is generated for the issue of a certificate.
Certificate Revocation: Certificates will require revocation for a variety of reasons, including natural expiry, amendment, unauthorised disclosure of the private key or a breach of contract by the certificate holder. Once revoked it is essential, as part of this service, that the Certification Authority, or their agent, makes the fact available to anyone reasonably relying on the certificate. Such a process would normally include the publication of the revoked certificate in a published list.
Directory services: The establishment of a public access register where public keys (either for signature or confidentiality) are securely held and updated in respect of revocation knowledge.
Time-Stamping: A service whereby evidence can be presented that a specific electronic document existed, or that some event took place at a specific time.
13. Statement to the Senate Select Committee on Intelligence; 28 January 1998.