Digital signatures

Updates

24 Aug 2017

The Supreme Court of India has ruled that the right to privacy is a fundamental right. The judgment, which will impact the lives of over 1.34 billion Indians, comes as the Indian government is seeking to roll out a biometric database (Aadhaar) linking personal details with iris scans and fingerprints. Petitioners had challenged the government's move to make Aadhaar mandatory. The Supreme Court’s judgment, which overruled an earlier lower court judgment declaring that the right to privacy is not a fundamental right, does not however invalidate Aadhaar. The validity of the scheme will be tested separately by the Supreme Court.

22 Dec 2016

The US National Institute of Standards and Technology (NIST) has issued a "Notice and request for nominations for candidate post-quantum algorithms". NIST observes that, once quantum computers are built and widely available, the entire public-key cryptography of today may be obsolete, and all encrypted documents may become compromised. While the deadline for submissions is set for the end of November 2017, NIST acknowledges that, most likely, the work could be widely tested only within the next 20 years, The Register reports.

28 Aug 2016

Although blockchain technology is mainly associated with the e-commerce, e-money, and virtual currency sectors, online cryptocurrency journal The Merkle has identified a trend that is bringing blockchain closer to digital identities. The journal reports that a number of blockchain startups are focusing on using the technology to create digital identities, and are seeing promising growth in this segment of the market.

Pages

Broadly speaking, digital signatures are linked to the authentication of individuals on the Internet, which affects many aspects, including jurisdiction, cybercrime, and e-commerce. The use of digital signatures should contribute to building trust on the Internet.

Digital authentication in general is often considered to be part of the e-commerce framework, as it is aimed at facilitating e-commerce transactions through the conclusion of e-contracts. For example, is an agreement valid and binding if it is completed via e-mail or through a website? In many countries, the law requires that contracts must be ‘in writing’ or ‘signed’. What does this mean in terms of the Internet? Faced with these dilemmas and pressured to establish an e-commerce-enabling environment, many governments have started adopting legislation on digital signatures.

 

When it comes to digital signatures, the main challenge is that governments are not regulating an existing problem, such as cybercrime or copyright infringement, but creating a new regulatory environment in which they have no practical experience. This has resulted in a variety of solutions and a general vagueness in the provisions on digital signatures. Three major approaches to the regulation of digital signatures have emerged.

The first is a minimalist approach, specifying that electronic signatures cannot be denied because they are in electronic form. This approach specifies a very broad use of digital signatures and has been adopted in common law countries: the United States, Canada, New Zealand, and Australia.

The second approach is maximalist, specifying a framework and procedures for digital signatures, including cryptography and the use of public key identifiers. This approach usually specifies the establishment of dedicated certificate authorities, which can certify future users of digital signatures. This approach has prevailed in the laws of European countries, such as Germany and Italy.

The third approach, adopted within the EU Electronic Signatures Directive (adopted in 1999), combines these two approaches. It has a minimalist provision for the recognition of signatures supplied via an electronic medium. The maximalist approach is also recognised by granting ‘advanced electronic signatures’ stronger legal effect in the legal system (e.g. these signatures are easier to prove in court cases). The EU Directive on digital signatures was one of the responses at multilateral level. While it has been adopted in all EU member states, a difference in the legal status of digital signatures still remains, and this has been seen as a barrier to the cross-border use and interoperability of digital signatures. This barrier is to be overcome with the entry into force, starting July 2016, of a Regulation on electronic identification and trust services for electronic transactions in the internal market, which keeps the approach of the 1999 Directive, while requiring member states to recognise qualified electronic signatures based on qualified certificates issued in any other EU member state.

At global level, in 2001, UNCITRAL adopted the Model Law on Electronic Signatures, which grants the same status to digital signatures as to handwritten ones, provided some technical requirements are met. This model law served as inspiration for the Common Market for Eastern and Southern Africa (COMESA), which integrated this approach into its broader Model Law on Electronic Transactions, adopted in 2010.

The International Chamber of Commerce (ICC) issued a General Usage in International Digitally Ensured Commerce (GUIDEC), which provides a survey of the best practices, regulations, and certification issues.

Public key infrastructure (PKI) initiatives are directly related to digital signatures. Two main organisations involved with PKI standardisation are the ITU and the IETF.

Privacy and digital signatures

Digital signatures are part of a broader consideration of the relationship between privacy and authentication on the Internet. Digital signatures are just one of the important techniques used to identify individuals on the Internet. For instance, in some countries where digital signature legislation or standards and procedures have not yet been set up, SMS authentication via mobile phones is used by banks for approving customers’ online transactions.

The need for detailed implementation standards

Although many developed countries have adopted broad digital signature legislation, it often lacks detailed implementation standards and procedures. Given the novelty of the issues involved, many countries are waiting to see in which direction concrete standards will develop. Standardisation initiatives occur at various levels, including international organisations (the ITU), regional bodies (European Committee for Standardization – CEN), and professional associations (the IETF).

The risk of incompatibility

The variety of approaches and standards in the field of digital signatures could lead to incompatibility between different national systems. Patchwork solutions could restrict the development of e-commerce at a global level. The necessary harmonisation should be provided through regional and global organisations.

Actors

(ISO)

More and more standards and guidelines developed by ISO cover issues related to data and information security, and cybersecurity. One example is the 27000 family of standards, which cover aspects related to information security management systems and are used by organisations to keep information assets (e.g. financial data, intellectual property, employees’ information) secure. Standards 27031 and 27035, for example, are specifically designed to help organisations to effectively respond to, defuse, and recover from cyber-attacks. Cybersecurity is also tackled in the framework of standards on technologies such as the Internet of Things, smart community infrastructures, medical devices, localisation and tracking systems, and future networks.

(UNCITRAL)

In line with its mandate to contribute to the harmonisation of international trade law, UNCITRAL has drafted several documents of relevance for matters concerning Internet and jurisdiction. Examples include the Model law on electronic commerce (1996), the Model law on electronic signatures (2001), the UN Convention on the use of electronic communications in international contracts (2005), and the Technical Notes on Online Dispute Resolution (2016). E-commerce continues to be an area of interest for the Commission, which has a dedicated working group focused on the legal dimensions of issues such as identity management, trust services, electronic transferable records, and cloud computing.

(IETF)

The core mission of the IETF is to develop technical standards for the Internet, ranging from Internet protocols (e.g. IPv4 and IPv6) and the Domain Name System (e.g. aspects related to the functioning of Internationalised Domain Names), to routing systems and security issues. Areas of work covered by IETF working groups include applications (e.g. real time communication and audio/video transport), Internet protocols, operations and management (e.g. DNS operations, routing operations, network configuration), routing (e.g. inter-domain routing, tunneling protocol extensions), security and transport (e.g. authentication and authorisation, IP security maintenance and extensions, and transport layer security).

(COMESA)

COMESA has developed an e-learning platform for delivering training in various areas to both staff members and other stakeholders from COMESA member states. Courses offered through the platform range from leadership training to public procurement. The organisation also uses an online system known as COMESA 24/7 Online for building the capacity of COMESA and its members in monitoring the implementation of programmes and education on trade topics. Through a five-phase programme, COMESA is putting all its knowledge center resources online through a web information management system.

(EU)

In establishing its digital single market, the EU has progressively developed a dense body of copyright legislation, corresponding to a set of ten directives, which harmonise essential rights of authors, performers, producers and broadcasters. To ensure EU copyright rules are fit for the digital age, the European Commission has recently presented legislative proposals to modernise the EU legal framework, in order to allow more cross-border access to content online, provide wider opportunities to use copyrighted materials in education, research and cultural heritage, and achieve a better-functioning copyright marketplace.

(UN)

In 2005, the UN General Assembly adopted the UN Convention on the Use of Electronic Communications in International Contracts. The Convention (entered into force in 2013) is aimed at facilitating the use of e-communications in international trade, and it contains, among others, provisions on the signing of electronic communications or contracts. It outlines criteria for the recognition of electronic signatures (irrespective of the technology used): an electronic communication is considered signed if the signing method (i.e. electronic signature) is capable of identifying the signatory and indicating the signatory’s intention in respect of the information contained in the electronic communication.

Instruments

Other Instruments

COMESA Model law on electronic transactions

Resources

Publications

Internet Governance Acronym Glossary (2015)
An Introduction to Internet Governance (2014)

Reports

OECD Digital Economy Outlook 2015 (2015)

 
