"Towards a European framework for digital signatures and encryption"

Computer Law and Security Report

Volumn 14, Issue 2, 1998, Pages 79-86

  Julià Barceló, Rosa ^a   Vinje, Thomas ^b  

^a UNIVERSITY OF NAMUR   (Belgium)

^b Morrison & Foerster LLP   (Belgium)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84979807593     PISSN: 02673649     EISSN: None     Source Type: Journal    
DOI: 10.1016/s0267-3649(97)82130-9     Document Type: Article

References (32)

1. COM (97) 503 (hereinafter'Communication'). This communication was foreseen in April 1997 by the Commission's communication entitled "A European Initiative in Electronic Commerce ". (COM (97) 157 final, 16.4.97). DGXIII issued a Green Paper on the same subject on April 24, 1994 entitled "Green Paper on the Security of Information Systems", but no further action was taken at this time.
2. COM (97) 503 (hereinafter'Communication'). This communication was foreseen in April 1997 by the Commission's communication entitled "A European Initiative in Electronic Commerce ". (COM (97) 157 final, 16.4.97). DGXIII issued a Green Paper on the same subject on April 24, 1994 entitled "Green Paper on the Security of Information Systems", but no further action was taken at this time.
3. See US Congress, Office of Technology Assessment Issue Update on Information Security and Privacy in Network Environments, Washington, DC, 1995, at 49.
4. The ability to discover the private key from the public key is increasing as technology (and computing power) progresses. Therefore, the length of key necessary to obtain a reliable digital signature should be under constant review, as must the continued security of the relevant algorithm. Furthermore, technology must also ensure the security of the network. The management of the keys must occur in a secure environment.
5. In the past, most publications have used the expression 'trusted third party' to cover both certification authorities and key escrow and recovery agents. However, the Communication, in accordance with the OECD Guidelines for Cryptography Policy (27 March 1997), uses the words, 'certification authorities' for those entities carrying our integrity services and uses the term 'trusted third party' exclusively for those bodies carrying out services relating to lawful access to encryption keys (key escrow and key recovery).
6. Usually the certificate applicant generates his own private and public keys, and provides them as part of his application to the certificate authority, but it is also possible to set up a system where the certification authority generates the key pair.
7. For example, in Belgium the company Isabel provides certification services within the banking sector and Belsign provides such services more broadly.
8. See Section VI (Structure of the Proposals), Paragraph 43 of the Public Consultation Paper on Detailed Proposals for Legislation "Licensing of Trusted Third Parties for the Provision of Encryption Services" (UK Department of Trade & Industry, March 1997). Although the German law on digital signatures sets up a licensing system for certification authorities (see δ 4 of the Digital Signature Act), this system does not appear to be mandatory.
9. See(A/CN,9/437),A/CN,9/WG.IV/V(/WP.71,andA/CN.9/WG.IV/ WR.73.).
10. In the legislative discussion prior to the approval of Digital Signature Act, it was decided, because of the novelty of the issue, to refrain from including a special provision on liability but to analyse in the future whether special liability rules would be appropriate.
11. See Section VI (Structure of the Proposals), Paragraph 43 of the Public Consultation Paper on Detailed Proposals for Legislation "Licensing of Trusted Third Parties for the Provision of Encryption Services" (UK Department of Trade & Industry, March 1997).
12. Wright, B., Eggs in baskets: distributing the risks of electronic signatures, The John Marshall Journal of Computer & Information Law, Vol. XV, No. 2: 189-201 (1997).
13. See Lamberiere, I., La valeur probatoire des documents informatiques dans les pays de la C.E.E., Revue Internationale de Droit Comparé, No. 3 (1992).
14. For example, Article 1341 of both the Belgian Civil Code and the French Civil Code requires written evidence when the value of the contract (for example, a sales contract) is beyond a certain limit.
15. E.g. Germany. For further comments on this particular issue, see Blechschmidt, R., The German Basic Electronic Data Interchange Model Agreement Versus the European Model EDI Agreement: Some Reflections on German Law, The EDI Law Review, No. 3, 1996, at 107-124.
16. Communication, Section IV.1.2(ii).
17. For UNCITRAL, see 1995 Recommendation (A/40/17), UNCITRAL Model Law for Electronic Commerce of 14 June 1996 (A/51/17). For TEDIS, see TEDIS-Situation Juridique des Etats Membres au regard du transfers électronique de données, Bruxelles, Commision des Communautés. For Trade Facilitation Working Party of UN/ECE see Recommendations UN/EC No. 12; UN/EC No. 13; UN/EC No. 14.
18. For UNCITRAL, see 1995 Recommendation (A/40/17), UNCITRAL Model Law for Electronic Commerce of 14 June 1996 (A/51/17). For TEDIS, see TEDIS-Situation Juridique des Etats Membres au regard du transfers électronique de données, Bruxelles, Commision des Communautés. For Trade Facilitation Working Party of UN/ECE see Recommendations UN/EC No. 12; UN/EC No. 13; UN/EC No. 14.
19. For UNCITRAL, see 1995 Recommendation (A/40/17), UNCITRAL Model Law for Electronic Commerce of 14 June 1996 (A/51/17). For TEDIS, see TEDIS-Situation Juridique des Etats Membres au regard du transfers électronique de données, Bruxelles, Commision des Communautés. For Trade Facilitation Working Party of UN/ECE see Recommendations UN/EC No. 12; UN/EC No. 13; UN/EC No. 14.
20. For UNCITRAL, see 1995 Recommendation (A/40/17), UNCITRAL Model Law for Electronic Commerce of 14 June 1996 (A/51/17). For TEDIS, see TEDIS-Situation Juridique des Etats Membres au regard du transfers électronique de données, Bruxelles, Commision des Communautés. For Trade Facilitation Working Party of UN/ECE see Recommendations UN/EC No. 12; UN/EC No. 13; UN/EC No. 14.
21. For UNCITRAL, see 1995 Recommendation (A/40/17), UNCITRAL Model Law for Electronic Commerce of 14 June 1996 (A/51/17). For TEDIS, see TEDIS-Situation Juridique des Etats Membres au regard du transfers électronique de données, Bruxelles, Commision des Communautés. For Trade Facilitation Working Party of UN/ECE see Recommendations UN/EC No. 12; UN/EC No. 13; UN/EC No. 14.
22. A similar functional approach is embodied in Article 7 of the UNCITRAL Model Law for Electronic Commerce.
23. Communication, Section III.1 (iii).
24. Wassenaar arrangement on export controls for conventional arms and dual-use goods and technologies (Dec. 19, 1995). http://www2.nttca.com:8010/informofa/press/c_s/wassenaar.html; http://ideath.parrhesia.com/wassenaar/wassenaar.html.
25. Wassenaar arrangement on export controls for conventional arms and dual-use goods and technologies (Dec. 19, 1995). http://www2.nttca.com:8010/informofa/press/c_s/wassenaar.html; http://ideath.parrhesia.com/wassenaar/wassenaar.html.
26. Council Regulation (EC) 3381/94, 19.12.94. Council Decision 94/942/CFSP, 19-12.94, OJ L 367/8 (31.12.94), establishes the lists of dual-use goods covered by the Regulation.
27. Communication, Section IV.2(ii).
28. Id.
29. Communication, Section III.2.1.
30. Communication, Section III.2.3.
31. Communication, Section III.2.4. See also Communication, Section III.3(v).
32. In this regard, it is worth noting that the French Government has notified the Commission of its pending encryption proposals.