
Digital signatures

Updates

22 Dec 2016

The US National Institute of Standards and Technology (NIST) has issued a "Notice and request for nominations for candidate post-quantum algorithms". NIST observes that, once quantum computers are built and widely available, all of today's public-key cryptography may become obsolete, and all encrypted documents may be compromised. While the deadline for submitting ideas is set for the end of November 2017, NIST acknowledges that, most likely, the work could be widely tested only within the next 20 years, The Register reports.

28 Aug 2016

Although blockchain technology is mainly associated with the e-commerce, e-money, and virtual currency sectors, the online cryptocurrency journal The Merkle has identified a trend that is bringing blockchain closer to digital identities. The journal reports that a number of blockchain startups are focusing on using the technology to create digital identities, and are seeing promising growth in this segment of the market.

4 Aug 2016

A study by the Open Identity Exchange project has found a significant change in UK online users' willingness to allow access to their social networks and online accounts for identity verification purposes, compared to a previous study in 2013. Government identity verification standards in the UK require tests against the activity history of an identity, to complement more traditional tests. The study aimed to understand the extent to which users might be willing to allow access to their accounts as trustworthy evidence when creating a digital identity.

Broadly speaking, digital signatures are linked to the authentication of individuals on the Internet, which affects many aspects, including jurisdiction, cybercrime, and e-commerce. The use of digital signatures should contribute to building trust on the Internet.

Digital authentication in general is often considered to be part of the e-commerce framework, as it is aimed at facilitating e-commerce transactions through the conclusion of e-contracts. For example, is an agreement valid and binding if it is completed via e-mail or through a website? In many countries, the law requires that contracts must be ‘in writing’ or ‘signed’. What does this mean in terms of the Internet? Faced with these dilemmas and pressured to establish an e-commerce-enabling environment, many governments have started adopting legislation on digital signatures.

 

When it comes to digital signatures, the main challenge is that governments are not regulating an existing problem, such as cybercrime or copyright infringement, but creating a new regulatory environment in which they have no practical experience. This has resulted in a variety of solutions and a general vagueness in the provisions on digital signatures. Three major approaches to the regulation of digital signatures have emerged.

The first is a minimalist approach, specifying that electronic signatures cannot be denied because they are in electronic form. This approach specifies a very broad use of digital signatures and has been adopted in common law countries: the United States, Canada, New Zealand, and Australia.

The second approach is maximalist, specifying a framework and procedures for digital signatures, including cryptography and the use of public key identifiers. This approach usually specifies the establishment of dedicated certificate authorities, which can certify future users of digital signatures. This approach has prevailed in the laws of European countries, such as Germany and Italy.

The third approach, taken in the EU Electronic Signatures Directive (adopted in 1999), combines these two approaches. It has a minimalist provision for the recognition of signatures supplied via an electronic medium. The maximalist approach is also recognised by granting ‘advanced electronic signatures’ a stronger legal effect in the legal system (e.g. these signatures are easier to prove in court cases). The EU Directive on digital signatures was one of the responses at the multilateral level. While it has been adopted in all EU member states, a difference in the legal status of digital signatures still remains, and this has been seen as a barrier to the cross-border use and interoperability of digital signatures. This barrier is to be overcome with the entry into force, starting July 2016, of a Regulation on electronic identification and trust services for electronic transactions in the internal market, which keeps the approach of the 1999 Directive, while requiring member states to recognise qualified electronic signatures based on qualified certificates issued in any other EU member state.

At the global level, in 2001, UNCITRAL adopted the Model Law on Electronic Signatures, which grants the same status to digital signatures as to handwritten ones, provided some technical requirements are met. This model law served as inspiration for the Common Market for Eastern and Southern Africa (COMESA), which integrated this approach into its broader Model Law on Electronic Transactions, adopted in 2010.

The International Chamber of Commerce (ICC) issued a General Usage in International Digitally Ensured Commerce (GUIDEC), which provides a survey of the best practices, regulations, and certification issues.

Public key infrastructure (PKI) initiatives are directly related to digital signatures. Two main organisations involved with PKI standardisation are the ITU and the IETF.

Privacy and digital signatures

Digital signatures are part of a broader consideration of the relationship between privacy and authentication on the Internet. Digital signatures are just one of the important techniques used to identify individuals on the Internet. For instance, in some countries where digital signature legislation or standards and procedures have not yet been set up, SMS authentication via mobile phones is used by banks for approving customers’ online transactions.

The need for detailed implementation standards

Although many developed countries have adopted broad digital signature legislation, it often lacks detailed implementation standards and procedures. Given the novelty of the issues involved, many countries are waiting to see in which direction concrete standards will develop. Standardisation initiatives occur at various levels, including international organisations (the ITU), regional bodies (European Committee for Standardization – CEN), and professional associations (the IETF).

The risk of incompatibility

The variety of approaches and standards in the field of digital signatures could lead to incompatibility between different national systems. Patchwork solutions could restrict the development of e-commerce at a global level. The necessary harmonisation should be provided through regional and global organisations.

Instruments

Other Instruments

COMESA Model law on electronic transactions

Resources

Publications

Internet Governance Acronym Glossary (2015)
An Introduction to Internet Governance (2014)

Reports

OECD Digital Economy Outlook 2015 (2015)

The GIP Digital Watch observatory is a service provided by

 

in partnership with

 

and members of the GIP Steering Committee

 




 

GIP Digital Watch is operated by