MAKING ELECTRONIC DOCUMENTS ACCEPTABLE IN LAW – PART II OF THE BILL
It’s already possible to authenticate transmitted documents or messages by using an electronic signature – a cryptographical technique that identifies the author of a document. The signature has a second function: it can be used to check that the content of the document or message hasn’t been tampered with. (This technique is sometimes referred to by the acronym ‘PKI’ for ‘Public Key Infrastructure’.)
Under the proposed legislation, electronic signatures on electronic documents will be explicitly recognised in law as being equivalent to conventional signatures on paper documents. The Government plans to adjust existing legislation stipulating the use of paper documentation so that signed electronic documents become acceptable substitutes.
MAKING ELECTRONIC DOCUMENTS TRUSTWORTHY – PART I OF THE BILL
For this plan to work, people have to believe electronic documents are as trustworthy as traditional ones. Initially, the Bill proposes a self-regulatory environment for validating the organisations who provide the ‘cryptography services’ used to authenticate messages and safeguard their integrity and confidentiality.
Under the so-called T-Scheme, the Government will maintain a register of those providers who have been independently quality-assured. If self-regulation doesn’t work out, the Government could establish a statutory (but still voluntary) scheme.
CRIME: A CONTROVERSIAL AREA REMOVED TO A SEPARATE BILL
The Government wants to ensure that the growth of e-commerce doesn’t lead to an e-crime wave. An earlier draft of the Electronic Communications Bill made provision for law enforcement agencies to get their hands on the means to decode people’s messages, but came under fire for its civil rights implications.
Those issues are now to be the subject of a separate Investigatory Powers Bill. The Government has dropped a proposed requirement for everyone to escrow their private keys just in case they were subsequently suspected of a crime.
EFFECT OF THE BILL
The e-commerce community has mostly reacted positively to the revised Bill. Chris Potter, a PricewaterhouseCoopers partner specialising in e-commerce, says, ‘At the moment, many organisations have PKI implementations which are really waiting for an application. By fostering business-to-business e-commerce, this legislation should help them to see significant return on their investment.’
HOW ELECTRONIC SIGNATURES WORK
While there are different versions of public key cryptography, the basic idea is that each user has a pair of “keys” – mathematical passwords used in encrypting and decrypting messages. Each pair includes a public key, made generally available, and a corresponding private key, known only to the owner.
The owner can “lock” a message prior to transmission by scrambling it using an encryption process driven by their own private key – this scrambling constitutes the signature. The message can then be unscrambled by anyone in possession of the matching public key.
Because the message can only have been scrambled using the private key, the recipient can be confident it’s authentic.
A pair of keys is sometimes used the opposite way round to make messages confidential. If the sender uses the recipient’s public key to scramble a message, it can only be unscrambled with the corresponding private key.
By combining the sender’s and the recipient’s keys, a transmission can be both “signed” and made confidential.
LINKS
For more details of the Bill, see
www.parliament.the-stationery-office.co.uk/pa/pabills.htm
For in-depth discussion of public key cryptography, see
http://www.whatis.com/pki.htm
For a draft EU Directive on electronic signatures to which the Bill relates, see
http://www.europa.eu.int/eur-lex/en/com/dat/1999/en_599PC0195.html