• The EU Electronic Commerce Directive has provisions which affect the content of commercial electronic communications and the obligations of some of those providing services to the users of such communications. It obliges Member States to ensure that domestic legal requirements do not present obstacles to electronic transactions.
• UNCITRAL has produced a Model Law on Electronic Commerce and is drafting Uniform Rules on Electronic Signatures. A number of countries have their own domestic provisions as to electronic signatures.

7. Electronic documents sent using the Internet pass over a network between computers which are owned and run by different organisations. If security measures are inadequate or subverted, then those documents can be read and altered by the employees of any of those organisations or by others (“hackers”) with the ability to obtain unauthorised access to the computers. Such fraudsters can also use their access to computers to send messages that purport to come from other people. They can hide the source of the documents. It is possible to send an electronic document from your computer which shows somebody else’s e-mail address as your own. It is therefore vital to be able to prove the real identity of the signatory.

8. In the world at large there is a variety of technological methods of confirming a person’s identity. Use may be made of known secrets (e.g. PINs and passwords), unique physical tokens held by named individuals (e.g. smart cards or magnetic stripe cards), cryptographic codes and personal physical features (biometrics). These techniques provide different degrees of confidence in the identity of the originator of what is being sent. A password may be disclosed and is therefore less secure than a biometric technique that recognises an unalterable physical characteristic such as the shape of a person’s iris or their thumb print.

9. The phrase “electronic signature” includes many different ways of “signing” computerised records and communications. These Guidelines concentrate on the use of one particular technological method of authenticating such records and communications (referred to below as “electronic documents”). It is known as “public” or “dual” “key cryptography” and involves the use of a pair of digital keys (essentially large mathematical numbers). One key is private and unique to a particular person and its pair is public and known to those who wish to communicate with the holder of the private key. It should be noted, however, that a combination of techniques may be used for security purposes. A password or biometric technique may be used in addition to dual key cryptography to prove that the electronic document came from a particular source.

Structure of Guidelines

10. We start with an illustration of the practical use of a digital signature in business. Then there is an explanation, using everyday language, of the technical processes used to create and use a digital signature and of how it provides evidence as to the identity of the signatory of an electronic document and the integrity of that document. We then explain how the technology can be used to ensure receipt by the intended party and to prove timing of the sending and receipt of electronic documents. We describe the similar technology used to achieve confidentiality. We then refer to some issues that can arise out of the use of digital signatures. There is brief coverage of the Electronic Communications Act and the European Electronic Signature Directive. We also refer to the Electronic Commerce Directive which has broader coverage. Next there is guidance as to the evidence that may be relevant in litigation. At the end, readers will find the Glossary, appendices and a bibliography.



© Crown copyright 2002