Digital Signature Regulation and European Trends

Transcription

1 Digital Signature Regulation and European Trends Alexander Rossnagel The Directive for a common framework for electronic signatures will be adopted in the European Community this year. During the next two years, it will lead to an adjustment of existing signature laws, or the creation of new regulations, in all member states. This will result in changes in all member states of the European Community, but in Europe, as a whole, it will lead to the standardization of regulations. Current national regulations for digital signatures will not completely lose their importance as a result of the European Directive. Some of the signature schemes regulated by national laws may co-exist or even compete with the schemes regulated by the Directive. Using the Federal Republic of Germany as an example, this article describes the legal situation which will result when the European Directive for electronic signatures comes into force and makes a tentative assessment of the future areas of application for various digital signature schemes in Europe. The German Digital Signature Act When the German Digital Signature Act came into force on August 1, 1997, it became the first digital signature law in the world to govern the entire area of a state [SigG97]. It contains fundamental technical and organizational requirements for the public key infrastructure for digital signatures. Details are regulated in the Digital Signature Ordinance [SigV97]. The Act defines a digital signature as a cryptographic seal affixed to digital data which is generated by a private signature key and establishes the owner of the signature key and the integrity of the data with the help of an associated public key provided with a signature key certificate of a certification authority. The Digital Signature Act aims to provide a high level of actual security by means of five interlinking security elements: A national license is required for the operation of a certification authority. The license will be granted if the applicant is reliable, his personnel have the necessary technical skills and he fulfills all the security requirements in the Digital Signature Act and the Digital Signature Ordinance. The Digital Signature Act prescribes a two-stage and, thus, an extremely broad and very flat certification structure. The Regulation Authority is the only root certification authority. It certifies all licensed certification authorities and they certify the users. In order to ensure the necessary organizational security, the Digital Signature Act requires that each certification authority provide certain mandatory services: identification of the users, certification, instruction, directory services for certificates and revocation services, time- stamping services and, optionally, the generation of keys. 1

2 Before they are brought into use, the technical components for the certification authorities and the users have to be inspected for their conformity to the legal requirements. The inspection is carried out by recognized private bodies Adherence to the requirements of the law is monitored by state officials who are permitted to enter the business premises of a certification authority, inspect all books, records and other documentation. If irregularities are discovered, they may take supervisory measures, prohibit the use of unsuitable technical components or temporarily prohibit the operation of the certification authority, as well as revoke the license. In addition, each certification authority has to arrange for checks by a recognized private body at regular two-year intervals. Due to the fact that these security elements have been examined in advance, the Digital Signature Act can ease the burden of proof for court and administrative proceedings, i.e. digital signatures which conform to the law are deemed secure. As a rule, the integrity of electronic documents and the identity of the exhibitor no longer have to be proven separately. This regulation makes a change of the law concerning proof unnecessary. High actual security and the proof assumption provide sufficient security of evidence [Rossn98b]. The law does not regulate further legal ramifications of digital signatures. In particular, it does not equate the digital signature with the handwritten signature. Digital signatures can, however, be used in the predominant share of legal dealings which do not prescribe a particular form and, used in this way, they represent a legally binding declaration of intent. It is intended that subsequent legislation be linked to the Digital Signature Act which require digital signatures according to this Act. The Digital Signature Act does not define specific liability for certification authorities although there are many who feel that it should. The opinion is that agencies which demand a high level of trust should also be held responsible for errors or neglect. Nevertheless, the Federal Government rejected this demand. It is currently the case, that massive financial damage may result from the activities of a certification authority without it bearing any liability [Rossn99]. This legal framework for safe digital signatures is not obligatory. The Act only constitutes an offer. Anyone who wants the high level of security ensured by the legal requirements, can have a certification authority, or the technical components, approved according to the law and obtain documentary evidence that the requirements have been adhered to in the form of a certificate from the national root certification authority. Anyone who does not want this documented high level of security, and its accompanying costs, is free to offer and use other signature schemes. The Digital Signature Act places no restrictions, whatsoever, on the operation of existing signature schemes or introduction of new ones which do not meet the requirements of the Act. These schemes, however, cannot be used to ease the burden of proof on the basis of their assumed security. Without prior examination and constant monitoring, their actual secu- 2

3 rity is unknown and an assumption that they provide sufficient security cannot be justified [Rossn99]. European Directive for electronic signatures The European Commission s proposal for a Directive for electronic signatures pursues a different regulation concept. It does not prescribe a licensing procedure for certification authorities. It even forbids the member states from making the provision of certification services subject to prior authorization. Requirements for the content of qualified certificates are laid down in Annex I. A catalog of ten very general functional requirements for certification service providers is set down in Annex II. The original proposal of the European Commission of [EC98] left enforcement of the security requirements up to the certification authorities. Sufficient security should primarily be established through market influences. The motivation for adhering to the requirements took the form of both a threat and a reward. For offences against the requirements, the proposal regulated a strict liability of the certification service provider. If the requirements in Annex II were fulfilled, the electronic signature would satisfy the legal requirement of a signature and be admissible as evidence in legal proceedings. The European Commission s original proposal was rejected in the European Council on because the member states of the European Community could not agree on whether the Directive should also contain technical security requirements. It was subsequently revised and re-submitted to the Council on The regulation concept was maintained to a large extent. However, the Directive now contained some additions, which made it more similar to the concept underlying the German Digital Signature Act. On one hand, supplementary technical requirements had been added to the Directive. Four general, but compelling, technical requirements for signature creation devices had been included in a new Annex III and non-binding technical recommendations for signature verification devices in a new Annex IV. On the other hand, monitoring procedures were planned. The conformity of signature creation devices to the requirements in Annex III is to be determined by appropriate private or public bodies designated by member states. In addition, the member states shall ensure the establishment of an appropriate system which allows the supervision of certification service providers on its territory which issue qualified certificates to the public. Finally, the Directive specifies that a certification service provider is liable for damage caused to any person who reasonably relies on the certificate data, unless he proves that he has not acted negligently. The service provider is liable for the accuracy of all information in the qualified certificate at the time of issuance, for assurance that at the time of issuance of the certificate, the person identified in the qualified certificate held the signature creation data corresponding to the signature verification data given or identified in the certificate and that these two data function correctly together. In respect of the legal consequences, the Directive differentiates between electronic signatures and advanced electronic signatures. The Directive defines an electronic signature as data in electronic form attached to, or logically associated with, other electronic data and which serves as a method of authentication. The legal validity of 3

4 electronic signatures and their admissibility as evidence in legal proceedings may not be denied solely on the grounds that the signature is in electronic form, or is not based upon a qualified certificate, or is not based upon a qualified certificate issued by an accredited service provider, or is not created by a secure signature creation device. According to the Directive, an advanced electronic signature is an electronic signature, which meets the following requirements. It is uniquely linked to the signatory, is capable of identifying the signatory, is created using means that the signatory can maintain under his sole control and is linked to the data to which it relates in such a manner that any subsequent alteration of the data is detectable. Advanced electronic signatures based on qualified certificates issued by a certification service provider which fulfills the requirements in Annex II, and were created using a signature creation device which meets the requirements in the Annex III, satisfy the legal requirement of a signature in relation to the data in electronic form, in the same manner as a handwritten signature satisfies that requirement in relation to paper-based data. In addition, it is to be admissible as evidence in legal proceedings. The Directive leaves decisions regarding two critical points up to the discretion of the member states. On one hand, they may introduce or maintain voluntary accreditation schemes aiming at enhanced levels of certification service provision. On the other hand, they can make the use of electronic signatures in the public sector subject to possible additional requirements. Such requirements shall be objective, transparent, proportionate, and non-discriminatory. They shall only relate to the specific characteristics of the application. The Directive was approved by the Council of the European Community on and has been passed to the European Parliament for further discussion. It is likely that the Directive will be passed at the beginning of 2000 and would then be converted into domestic law by the member states within 18 months. Required Adjustments to the German Digital Signature Act The regulation concept of the Digital Signature Act needs no alteration. Due to the fact that, during the second phase of its development, the Directive was adjusted to conform to the conditions in the German Digital Signature Act, the goals have already been harmonized. In accordance with 1.2 of the Digital Signature Act, in the Federal Republic of Germany there are no restrictions on the offering of certification services without prior licensing. The monitoring of certification services is, however, also still allowed. Functionally, the licensing of certification authorities is to be viewed as voluntary accreditation in the sense of Art. 3.2 of the Directive. The regulations of the conditions for licensing, licensing procedures, requirements for the operation of certification authorities and their obligatory services are covered by the Directive. Art. 3.2 of the Directive does not limit the competence of the member states to restrict the accreditation to certain forms of digital signatures and to exclude it for other signatures. The discretion of the member 4

5 states also extends to the possibility of easing the burden of proof on the basis of assumed security as a legal consequence of accreditation. The requirements for the security of electronic signatures are, likewise, met by the Digital Signature Act and the Digital Signature Ordinance. The contents of a certificate which the Digital Signature Act enables or requires, correspond to the requirements in Annex I of the Directive. The regulations of the Digital Signature Act and the Digital Signature Ordinance offer higher security than is required or recommended in Annexes II, III and IV of the Directive. The requirements for accreditation are objective, transparent, proportionate and non-discriminatory. The regulations contain all comprehensible and recognizable, equal and reasonable requirements which are appropriate and necessary for the goal of sufficient legal security and ease of proof. The Digital Signature Act, as a voluntary national accreditation scheme, only needs to be slightly adapted to the Directive. In addition to minor alterations in specific formulations, the most important necessary addition is the inclusion of the liability of the certification service providers. In future, they will be liable for negligence [Neuser99]. A shift of the burden of proof for negligence to the certification service providers is to be specified. Since the Digital Signature Act neither regulates electronic signatures, nor contains regulations regarding legal form and questions of evidence, no alteration is needed regarding the provisions of the Directive. The Federal Republic of Germany should by no means abandon the advantages of high quality signature schemes in favor of standardization at the lower level of the Directive. On the contrary, Germany should continue to give its providers the opportunity to offer signature schemes which have been monitored before being put into use and provide the highest quality in the market. Therefore, the German legislator should differentiate licensed and unlicensed signature schemes. The first are in accordance with the Digital Signature Act and the second correspond to the European Directive. After the Directive has come into force, however, regulations will be needed for electronic signatures and their legal consequences. The definitions in Art. 2 of the Directive are to be adopted and the unrestricted offering of certification services and signature products from the European Community according to Art. 4 is to be guaranteed. Conformity of secure signature creation devices to Annex III is to be ensured. In addition, for advanced electronic signatures, the requirements for a qualified certificate according to Annex I and the requirements for offering a certification service according to Annex II are to be regulated. Furthermore, an appropriate system is to be established which allows the supervision of certification service providers who offer qualified certificates. In addition, regulations concerning the liability of these providers and the offering of certification services from countries outside the European Community according to Art. 7 of the Directive. are to be introduced. The national legislators have to issue regulations regarding the legal consequences of using both electronic and digital signatures. The legal consequences foreseen in Art. 5 of the Directive are not to be regulated in the Digital Signature Act, but rather in the con- 5

6 text of the existing regulations which apply to declarations of intent and evidence procedures, for example in the Civil Code, in the code of civil procedure, or in the administrative proceedings law. However, the legal effectiveness and the admissibility as evidence required for electronic signatures by Art. 5 of the Directive are already ensured by German law. Every declaration of intent in whatever form is, in principle, legally binding. All electronically signed data can be submitted to a court as evidence. The Directive does not require special electronic documentary evidence. Since documentary evidence is a German peculiarity, such a regulation would deepen the differences in the legal treatment of electronic signatures in Europe and hinder the goal of harmonization [Rossn98a]. The regulations applying to written form, however, need to be expanded. According to Art. 5.1 of the Directive, member states shall ensure that advanced electronic signatures, which are based on a qualified certificate and which were created by a secure signature creation device, satisfy the legal requirement of a signature in relation to the data in electronic form, in the same manner as a handwritten signature satisfies that requirement in relation to paper-based data. There are, however, two restrictions on this assignment of equal status. According to Art. 1.2 of the Directive, it does not cover aspects related to the conclusion and validity of contracts or other legal obligations where there are form requirements prescribed by national or Community law. It does not apply, therefore, to form requirements, such as that a will has to be completely handwritten, that notarial contracts need the participation of a third party, or that a marriage contract, or certain declarations before an authority, require personal presence. The member states are allowed to demand additional requirements for the use of electronic signatures within the public sector. Therefore, it can be required that only digital signatures which conform with the Digital Signature Act be used in the public sector. Competition between European and German signatures Even after the harmonization of legal regimes by the Directive, there will still be nationally regulated signature schemes in the form of voluntary accreditation systems. As the Directive does not regulate certification services with enhanced levels of security, but only security requirements at the lower level, the legal differences regarding enhanced levels of certification services remain. The Directive for electronic signatures will not enforce a uniform security standard for the remaining signature schemes, but it will result in uniform legal consequences for the different levels of security. The non-uniform signature schemes which have not been checked for their security level before being put into use and which are permitted by the European Directive will be insufficient for many applications. In practice, they will leave open a large field for applications of the signature schemes conforming to the German Digital Signature Act. The regulation mechanism of the European Directive is too weak to provide a unified level of security in Europe. The requirements in Annexes II and III are too vague to really influence the operation of the certification services and the design of the technol- 6

7 ogy systems. The Directive leaves adherence to these far too abstract security requirements up to the individual service providers and every certification authority will implement the level of security which is adequate for its needs. As a result, by not requiring advance monitoring, the Directive actually prevents a uniform level of security being established in the Community. The supervision systems which monitor the certification service providers who issue qualified certificates will discover and prevent some rough deviations from the requirements of Annex II. However, their activities only take place after a deviation has occurred and only affect isolated cases. They will not be able to ensure a europewide provision of secure certification services. Determining the conformity of secure signature creation devices to Annex III, however, at least helps to enforce four fundamental security requirements. The requirements of Annex III, however, only cover signature creation devices and not all the other technical components for certifying, the directory services, the time-stamping services and the signature verification devices. In addition, the requirements are too abstract to result in a uniform handling. Perhaps the generally recognised standards mentioned in Art. 3.3 will establish uniform requirements. The liability according to Art. 6 of the Directive is also insufficient as an incentive to adhere to the small number of requirements. The usual reaction is to take out an insurance policy rather than providing enhanced security. A liability regulation only contributes to damage being compensated for after it has occurred, not to a guarantee of actual security. Its preventive effect is reduced by insuring the risks to the amount of the insurance premium. Liability regulations can only achieve acceptance to a very limited extent. The participants in electronic commerce want the signature schemes to be sufficiently secure. They want to have guarantees prior to using digital signatures. They do not want to have to search for the cause of damage after it has occurred and take well insured providers to court in order to obtain compensation. In addition, the Directive is inconsistent regarding the regulation of liability. Annex II requires service providers to maintain sufficient financial resources to cover liability claims, but there are no systematic checks to ensure that this requirement has been met. The supervision systems of the individual member states cannot ensure the enforcement of this requirement either. Since there is no assurance, whatsoever, that a provider is solvent, it is, in fact, possible for a financially weak organization to offer certification services and simply claim bankruptcy when the first loss occurs. Liability regulations do nothing to prevent abuse of certification services by criminals or the secret service. Individual liability regulations do not achieve the goal of creating a secure public key infrastructure for electronic signatures, which serves as a foundation for the safe and provable exchange of declarations of intent. On the other hand, signature schemes which conform to the German Digital Signature Act provide uniform and reliable security, because the certification services and technical components are examined in advance and repeatedly monitored. The actual security 7

8 level of the signature schemes is determined prior to operation and not by a lawsuit after a conflict has occurred, which is the case with the European Directive. Anyone who wants to, or needs to know in advance that the enhanced security level of the Digital Signature Act has been met will use digital signatures which conform to the German Digital Signature Act. This may well have particular relevance for electronic legal relationships within the public sector. Since Art. 3.4 of the Directive allows additional requirements for the public sector, it is to be expected that in the Federal Republic of Germany the application of digital signatures will be prescribed for declarations of intent made by authorities and made by citizens to authorities. A digital signature which conforms to the German Digital Signature Act also provides substantial practical advantages, if it becomes necessary for a user to prove the security of the signature scheme he has used. As a result, it is to be expected that, for applications in which proof of security in disputes is relevant, signature schemes which conform to the German Digital Signature Act will be preferred over signature schemes which accord with the European Directive. Users of digital signatures which conform to the German Digital Signature Act are backed in disputes by the security assumption of the Digital Signature Act. This assumption facilitates the proof of an electronic declaration of intent because the security of the signature scheme no longer has to be proven by the presenter of evidence. Prerequisite for the security assumption are the requirements of the Act and monitoring of them by the state authority before the scheme is put into use. The security of the legal signature scheme can be trusted because it was examined in advance and monitored during operation of the certification services. The burden of proof is fairly distributed and, at the same time, user-friendly. Those in possession of the information deliver it for examination. The certification authorities provide their security concept and the manufacturers their technical components. Competent and specialized bodies, namely the state authority and private testing and approval entities examine the concepts and the components. These examinations give credit to the security assumption and, as a result, the burden is removed from users and the courts. A single official examination is carried out which can be relied on in thousands of disputes. On the other hand, the Directive does not provide the user with evidence of the security of electronic signatures. It only directs that digitally signed data are admissible as evidence, if the requirements in Annexes II and III have been met. An examination of conformity is only foreseen for the secure signature creation devices. Depending on the resilience of these examinations, prima facie evidence could develop for checked signature creation devices implying that they are, in fact, secure. For all other conditions related to safe signature schemes, however, the Directive provides no assistance. Since it does not authorize advance controls, the user has to prove that the requirements have been fulfilled in a lawsuit before court. For instance, how can a dealer in Germany, who receives an electronically signed order with the certificate of a Portuguese certification service provider and wants to retain this as a means of proof, know whether this certification service provider fulfills the requirements in Annex II? He or she could only rely 8

9 on the adherence to the requirements if this had been examined in advance. The burden of proof is transferred to those who are least capable of dealing with it: the users and the courts. Rather than one advance investigation being conducted by the competent possessors of the information and by specialized bodies, as provided for in the German Digital Signature Act, according to this concept, the proof in each individual lawsuit must be supplied by incompetent users before overtaxed courts. The legal consequences which have been arranged are counter-productive without actual security of the signature schemes. It is exactly in this situation, where the use of digital signatures is linked to these legal consequences, that the signature scheme will be avoided if it does not guarantee sufficient security. Those who order the recognition of digital signatures as evidence, without also requiring the security guarantees which would exclude the possibility that their value as proof is questioned, give a stone for bread. Without advance controls of the security of the schemes, no easing of evidence can be ordered. Without easing of evidence, however, in a lawsuit all of the prerequisites in Annex II will be denied and will have to be proven by the presenter of the evidence. Rather than promoting the use of digital signatures as evidence, the associated expenditure will obstruct their use. In contrast, an advance control can justify the assumption that the digital signature submitted as evidence exhibits certain security characteristics. Competition of unregulated signature schemes Unimpressed by the efforts in Europe, Germany and also in the USA to regulate the requirements for signature schemes, other signature schemes, which are unaffected by legal regulations, are being developed and used world-wide. It will be interesting to observe, which signature schemes become generally accepted and how this is achieved. One can differentiate between three signature scheme concepts. They all ensure the integrity of the signed data, but differ in respect of the goal of their identification capacity. These concepts differ in complexity and price according to the identification function. All of these differences contribute to their suitability for different culture complexes. The first group is comprised of signature schemes which aim at the identification of persons. Their purpose is to guarantee that the person who signed the data can be identified. Therefore, they are suitable for authorizing declarations of intent which must be attributed to a certain person. However, they clearly fall beneath the security level of the German Digital Signature Act and, often, even below the security requirements of the European Directive. On the other hand, they have the advantage of already being established and in widespread use. An example of this group is the signature scheme Pretty Good Privacy (PGP). This scheme, which is probably the most widely used of all current schemes, functions without certification authorities. According to its original concept, the functions of the public key infrastructure are provided by the participants in electronic legal relationships, themselves. The person who generates the keys, either certifies the public key himself, or has it confirmed through the digital signatures of 9

10 friends. Thus, a network of overlapping confirmation groups develops, in which a participant can repeatedly find certificates of persons whom she trusts. A directory service and a revocation service are not included in this concept. The public key and its revocation are distributed individually. Additional infrastructure services can be established for such schemes and provide central certification, as well as directory and revocation services. The certification hierarchy is flexible and also permits multi-level hierarchies with sub-certification authorities. A widely used international certification organization is VeriSign. It has developed its own Certification Policy, which offers three security classes which are distinguished, in particular, by the expenditure for registering applicants. Different fees are imposed for each security class. A certificate with a validity period of three months with no examination of the identity of the applicant is free. About four million certificates of this class have already been issued world-wide. In 1999, eight major international banks plan to equip their employees and company customers with electronic identification documents, which they can use to securely identify themselves in the Internet. The banks have created a root certification authority called Global Trust Enterprise. Global Trust Enterprise will certify the banks and these will certify their employees and about five million customers. It is possible for additional banks and customers to join this Global Trust Organization. The second group of signature schemes aims at the identification of cards. They aim to ensure that a valid credit card also guarantees that it is backed by a credit card organization which will cover payment of any transaction made with the card. The object of these schemes is to ensure that the partner is both willing and able to pay. The scheme using credit cards and Secure Electronics Transaction (SET) is an example of this type of signature scheme. In this scheme the customer identifies himself to his bank and receives a password which can be used online to get a certificate from a certification authority (for instance Verisign ) for a pair of keys which he has generated himself. When paying online, he can use this certificate in a mutual authentication process with the computer of the dealer to prove that he is the legitimate owner of the credit card. In this scheme the legitimate owner of the credit card can be established, but this does not prove that he is also the originator of the declaration of intent. It is not crucial for the scheme, however, to know who personally delivered the declaration of intent, but only that payment is guaranteed. The scheme is suitable for all transactions where payment is immediate and, therefore, it is not necessary for the dealer to know the real identity of the contracting party. Because credit cards are accepted globally, the scheme is also applicable world-wide. It is relatively easy to handle and does not require a new infrastructure because it is linked to the infrastructure of the credit card organizations. As a result, this scheme does not incur high costs [Froomk96]. The third group of signature schemes aims at the identification of computers. The aim is to guarantee that the computers taking part in a communication exchange secure mutual identification and that no data is exchanged with unauthorized computers. An example of this type of scheme is the Secure Socket Layer (SSL). These schemes are suitable for communication with institutions and between institutions. For electronic ordering the most important thing is to be connected with the distributing house, not 10

11 with a specific person. When transferring money the customer wants to be ensured that he is connected with his bank, not with a certain bank employee. These schemes are suitable for business-to-business communication, or for ordering and paying in connection with organizations. In these schemes, however, the providers have to do without the legal advantages associated with exact identification of the customer. But in many cases these disadvantages may well be compensated for by the simplicity of the schemes. These non-regulated schemes have been established and - particularly in the USA - are already being used on a relatively broad basis. In order to assess the likelihood of their acceptance in Europe, however, cultural differences between the USA and Europe have to be considered. Card-identifying schemes will only be widely accepted where paying with credit cards is also broadly used. The customer who does not already use a credit card for traditional payments is unlikely to obtain one in order to make purchases via the Internet. In view of the dissemination of credit card use, therefore, using this scheme for electronic trade can be expected to be substantially more successful in the USA than in Europe, or in Germany. In Europe, schemes which identify the person and/or the computer may have greater chances of success. In any situation where the identification of the organization is sufficient for the completion of a transaction, the computer-identification schemes may well completely satisfy practical needs and gain acceptance as a result of their lower organizational requirements and lower costs. Where the providers attach importance to identifying their customers and, possibly, also to verifying the identification, they will establish person-identification schemes. For all unregulated schemes, their suitability for providing evidence in legal proceedings is very low. They do not ensure a secure and provable identification of the originator of a declaration of intent. In a controversy, they are unsuitable for proving that a contract has been concluded, that a petition has been delivered, or that an administrative act has been decreed. They resolve the conflicting aims of the openness, simplicity and inexpensiveness of a scheme versus high security and suitability for providing proof in favor of the first objective. As a result, they are suitable for simple and quick electronic business transactions between strangers, or for individual transactions between well-known business partners in the context of a continuous relationship which is legally secured in other ways. They are unsuitable, however, for contacts between unknown entities and which depend on provable transactions. View of the future for digital signature schemes in Europe In order to be able to recognize development trends for the use of digital signatures in Europe, both the regulated and the non-regulated schemes must be considered. From the point of view of electronic legal relationships, three different levels of regulation and administration of digital signatures are to be differentiated which correspond to three different security levels. AT the highest level we will have the digital signatures which correspond to the national voluntary accreditation schemes. In the Federal Republic of Germany, 11

12 these are the digital signatures which conform to the Digital Signature Act. High and detailed requirements which ensure a high degree of security exist for this signature scheme. These schemes are examined in advance and require a license. Due to these advance controls they provide an assumption of security for their signatures. On account of the high security requirements, the necessary smart cards and certification services will not be cheap and will be connected with a certain amount of expenditure for their acquisition. They are suitable for the legal secure identification of communication partners and provide a high degree security of proof. If the Federal Republic of Germany makes use of the opportunity to prescribe the use of digital signatures which conform to the Digital Signature Act for the public sector, Germany will have a broad field of application within the public sector and in all the business relationships which depend on secure evidence. This range of application could easily be extended to other applications. Those who already have the highest class of secure signature scheme available, will want to make use of it for other contacts. At the middle level we will have the signature schemes which correspond to the European Directive, without attaining the requirements of the accreditation schemes. They are brought onto the market without advance controls. Only one element, the secure signature creation devices, will be checked for conformity with the requirements of the Directive. Under certain conditions, the results of the unchecked digital signature schemes in the form of advanced electronic signatures are to be considered equivalent to the written form. However, it will only be possible to ascertain whether they fulfill these conditions in a subsequent lawsuit. Likewise, it remains unclear whether they will be valid as proof value up to this point. Because they cannot be assigned an assumption of security, due to the fact that they have not been monitored before being put into use, they create a large - in practice prohibitive - expenditure for evidence procedures. Since the schemes are only required to fulfill lower security requirements and do not have to pass a licensing procedure, they will be acquired more easily and could be less expensive than the accredited schemes. They are suitable for business relationships which do not depend on electronic documents which are suitable for use as proof. Since they enable legally binding actions in the entire European Community, in Germany their main field of application will be for international legal relations which do not depend on documents which are suitable for use as proof. Finally, at the lowest level there are digital signatures which do not represent advanced electronic signatures according to the Directive and comprise what is referred to as other schemes in the sense of 1.2 of the Digital Signature Act. They do not meet the regulated security requirements and their security is not examined. They do not satisfy the requirements for written form and, in practical terms, are unsuitable for producing evidence, but enable securing of electronic commerce at a low level. 12

13 These schemes are the least expensive and require the least effort to introduce. As a result, they will achieve broad acceptance. They can be used for short-lived business relationships where payment is immediate or where the business partners are prepared to run certain legal risks. They will be fully sufficient for many routine, low value business contacts. It is possible that a group in one of the three groups described may expand into the area of application of another group. If accredited signatures are regularly used, for example, they can also be applied in business or administrative relations with lower security and proof requirements. In reverse, unregulated schemes could expand into the range of application of the regulated schemes. For example, international signature schemes could have the conformity of their signature creation devices to Annex III of the Directive confirmed and maintain that their certification services adhere to the requirements of Annex II, in order to be able to provide advanced electronic signatures according to the Directive. Which of the three groups will be able to win over segments of electronic legal relations from other groups of schemes, will very strongly depend on the legal and economic framework offered to them by the member states and the European Community. In future, there will be no single uniform digital signatures, but at least three legally differentiated levels of signature schemes will exist in the European community. This need not necessarily be regarded as a disadvantage. Rather, this threefold-division offers the most suitable scheme for each application in respect of costs, organizational expenditure, security requirements and validity of proof. Literature [EC98] [Froomk96] [Rossn98a] [Rossn98a] [Rossna99] European Commisson (EC): Proposal for a European Parliament and Coucil Directive on a common framework for electronic signatures, COM(1998)297final, EC Official Journal No. C 325/5 of Froomkin, A. M: The Essential Role of Trusted Third Parties in Electronic Commerce, Oregon Law Review, Vol. 75, 1996, 49. Roßnagel, A.: Elektronische Signaturen in Europa - Der Richtlinienvorschlag der Europäischen Kommission, Multimedia und Recht 1998, 331. Roßnagel, A.: Die Sicherheitsvermutung des Signaturgesetzes, Neue Juristische Wochenschrift 1998, Roßnagel, A.: Kommentierung des Signaturgesetzes und der Signaturverordnung, in: Roßnagel, A. (Hrsg.), Recht der Multimedia-Dienste, Kommentar zum Informations- und Kommunikationsdienste-Gesetz und Mediendienste-Staatsvertrag, 1. Aufl. München [SigG97] Gesetz zur digitalen Signatur vom , Bundesgesetzblatt I, 1870, in English: <http// 13

14 [SigV97] Verordnung zur digitalen Signatur vom , Bundesgesetzblatt I,