You are on page 1of 32

MODULE I: ELECTRONIC COMMERCE

"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY


MAY BE, DIGITAL SIGNATURES ALONE CANNOT OVERCOME
THE LACK OF CONFIDENCE THAT ASSAILS THE
DEVELOPMENT OF B2C
E-COMMERCE" DISCUSS
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003

TABLE OF CONTENTS

INTRODUCTION

PART I: BACKGROUND TO DIGITAL SIGNATURES


What is a Digital Signature?
Functions of Digital Signatures
Nature of Digital Signatures
I Digital Signatures and Public Key Cryptography
II Digital Signatures, Digital Certificates and Authentication
Advantages of Digital Signatures
Comparison of Digital and Handwritten Signatures

PART II: PLACING DIGITAL SIGNATURES IN A LEGAL


FRAMEWORK
Legislation
Case Law

PART III: OBSTACLES TO THE GROWTH OF B2C E-COMMERCE


Shortcomings of Digital signatures
Obstacles to the development of B2C e-commerce

PART IV: THE FUTURE OF DIGITAL SIGNATURES AND B2C E-


COMMERCE

CONCLUSION

BIBLIOGRAPHY

2
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003

SUMMARY

This essay agrees with the assertion that "Useful though they may be, digital signatures alone
cannot overcome the lack of confidence that assails the development of B2C e-commerce".

Part I embodies a brief introduction, describing the nature, functions and benefits of digital
signatures, essentially depicting how they are useful in B2C e-commerce.

Part II examines the legislation establishing, enforcing and relating to digital signatures.

Part III addresses the disadvantages of digital signatures showing how digital signatures alone
cannot overcome the lack of confidence that assails the development of B2C e-commerce. By
highlighting other factors that contribute to lack of confidence in B2C e-commerce, this essay
clearly encompasses the need for a lot more than digital signatures to boost the confidence
required to further B2C e-commerce transactions.

Part IV concludes the essay by considering the future of digital signatures in particular and B2C
e-commerce in general.

INTRODUCTION

The exponential growth of the Internet and subsequently electronic commerce


(E-commerce) has increased the efficiency of businesses and consumers seeking to purchase
goods, services, or intangibles by placing these objects just a keystroke away. This has fuelled
both the desire and potential for both business-to-business (B2B) and business-to-consumer
(B2C) transactions across open networks. However, doing business electronically over
cyberspace, breeds issues of confidentiality, identification and trust and has increased the risk
of exposure to unfair market practices, insecure means of payment, loss of privacy and the
lack of enforceable remedies. Thus sparking off a legal debate, primarily in the context of
security, in terms of the security and confidentiality of information passed on between parties
and the security and certainty of knowing with whom one is doing or about to do business with.
To combat this problem, digital signatures have arisen. For B2C e-commerce to flourish, a
reliable form of digital signatures is critical as a means towards defining and creating online
enforceability of cyberspace trade. However digital signatures alone, cannot overcome the lack
of confidence that assails the development of B2C e-commerce.

3
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003

PART I: BACKGROUND TO DIGITAL SIGNATURES

What is a Digital Signature?

Numerous scholars and legislators have attempted to define the term digital
signature and many bodies, organisations and countries worldwide have adopted
different definitions of digital signatures.

The PC Webopaedia (Definition and Links) defines a digital signature as

"A digital code that can be attached to an electronically transmitted message that
uniquely identifies the sender."1

The Directive of the European Union2, describes a digital signature as

“a signature in electronic form in, or attached to or logically associated with data and used
by a signatory to indicate that signatory’s approval of the content of that data and which
meets the following requirements -:
(a) is uniquely linked to the signatory
(b) is capable of identifying the signatory
(c) is created using means that the signatory can maintain under his sole control and

(d) Is linked to the data to which it relates in such a manner that it is revealed if the data
is subsequently altered."

According to Article 1 (b) of the Italian Digital Document Regulations of 10th


November 1997 3
a digital signature is defined as

1
<http://www.pewebopaedia.com/digital_signature.html>
2
Proposed on May 13,1998
3
Also known as the Presidential Decree 513 of 1997

4
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003
“The result of the computer procedure (validation) based upon a system of
asymmetric keys4 in pair, one public5 and one private6, which allows the subscriber, by
virtue of

The private key to (i) manifest and (ii) verify the origin and integrity of a computer
document or a set of documents”

This definition was further refined in the Italian legislation; Presidential Decree No.
445 of December, 2000, (Consolidation Act) which describes a digital signature as

“the result of a computer based process (validation) implementing an asymmetric


cryptographic system consisting of a public and private key, whereby the signer
asserts, by means of a private key, and the recipient verifies by means of a public key,
the origin and integrity of a single electronic document or a set of such documents".

According to the Electronic Signatures (in Global and National) Act7, a digital
signature is

"A secure electronic signature which uses encryption and passwords to protect the
integrity of the signature and guarantee the authenticity of the party who signed it".

Digital signatures can therefore be described as electronic signatures based on public


key cryptography. However, it is important to note that although a digital signature is
an electronic signature, an electronic signature is not necessarily a digital signature.
The clear difference between electronic and digital signatures is depicted by the
table below.
Electronic Every way of authenticating data by means of information technology.
signature
Examples of Digital Signatures Protocols based on asymmetric encryption which can ensure the
Electronic authenticity and integrity of electronic data.
Signatures
Examples of Blind Signatures Digital signature protocol which allows a person to sign a
Digital document without knowledge of the contents of the document.
Signatures

4
Article1 (d) defines these as “the pair of crypto graphic keys, one private and one public, complementing
each other, to be used within systems of validation or encrypting of electronic documents”.
5
Article 1 (f) pubic key means the item, within an asymmetric key pair, that is meant to be made public
and that is used to verify the digital signature affixed to electronic documents by the holder of the
asymmetric keys or to encrypt electronic documents for transmission to the holder of the asymmetric
keys.
6
Article 1 (e) means the item of the asymmetric keys pair that is meant to be known only by the holder,
either the digital signature is affixed on the electronic document or the electronic document previously
encrypted with the corresponding public key is decrypted.
7
Act 2000, (E-Sign Act) <http://thomas.loc.gov/cgibin/query/D?c106:6:.temp/~c106Nii0hw>

5
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003
Fail-stop Digital Signatures Digital signature protocol which allows a signature holder to
prove that a digital signature is forged.
Proxy signatures Digital signature protocol which allows the signer to give
authority to sign a message to someone else, without disclosing
his private key.

Undeniable digital Digital signature protocol which cannot be verified without the
signatures signer's consent (to prevent exact copying of digital signatures)
(e.g.) Designated confirmer signatures which allow an individual
other than the signer to verify the signer's signature.

Table A: Definition of Electronic and Digital Signatures8

In accordance with the definitions embodied above, digital signatures are essential
for the authentication of documents transferred online. Therefore digital signatures
are important to B2C E-commerce to provide both the security and accuracy
consumers and buyers are searching for over the Internet.

Functions of Digital Signatures

"Through the centuries several forms of signature have been used to serve the legal
function of identifying the signatory and proof of declaration of will; the material
expression of the animus signandi of the signatory".9

Digital signatures are an important example of encryption technology that today


plays a major role in electronic commerce and information system security10 in
general and B2C e-commerce in particular.

Digital signatures provide five important functions namely11: -

i Authentication

Digital signatures serve to authenticate the identity of the person who signed the
document making it known who participated in the transaction, and verifying that
the document has come from the claimed party.
8
<http://rechten.kub.nl/simone/Ds-art2.htm>
9
Georgios I. Zekos "Legal problems in Cyberspace", Department of International Economics, Democritos
University of Thrace, Amvrosia-Komotini, Greece at p 71.
10
Jane K. Winn, "The Emperor’s New Clothes: The Shocking Truth about Digital Signatures and Internet
Commerce", Idaho Law Review Symposium on The Uniform Electronic Transaction Act (UETA).
11
Angel J, "Why use Digital Signatures for Electronic Commerce," Commentary; The Journal of Information,
Law and Technology (JILT) 1999 (2) <http://elj.warwik.ac.uk/jilt/99-2/angel.htm>: -

6
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003

ii Integrity

Digital signatures protect the integrity of the document making it possible to


know that the message read has not been changed.

iii Non-repudiation

Digital signatures ensure that it can be proved at a later time who participated in
the transaction so that it is evident who sent or received the data.

iv Authority

Digital signatures determine the authority of the signing party.

v Legal commitment

Due to the development of Digital signatures, consumers and/or buyers and


merchants and/or sellers doing business online can sign documents in a legally
binding fashion.

Nature of Digital Signatures

"Several different methods exist to sign documents electronically, varying from simple
methods such as inserting a scanned image of a handwritten signature in a word
processing document to the use of cryptography"12

There are two major types of cryptography used in digital signatures namely
symmetric cryptosystem and asymmetric cryptosystem. Through the use of
cryptography, communications and information stored and transmitted by computers
can be protected against interception,13 thus enhancing B2C e-commerce by ensuring
that the privacy of online shoppers is well protected.

12
A Common Framework for Electronic Signatures, Computer Law & Security Report Vol.15 No.2 1999, pp
106- 112
13
M.S. Baum (1999) "Technology Neutrality and Secure Electronic Commerce: Rule Making in the Age of
'Equivalence'", Verisign Inc.1999 <http://www.com/repository/pubs/tech_neutral>

7
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003

I Digital Signatures and Public Key Cryptography

"A customer making an on-line purchase simply transmits at the push of a button a
three tiered computer message containing a special decoder key; a message with the
goods
that are being purchased and their pricing; and a digital certificate", which contains
the user's identity, partial credit card number and the Bank that issued the customer's
credit card. The merchant uses the key to unlock the message, and uses the certificate
to verify the identity of the buyer and the buyer's credit. Once the buyer is deemed
legitimate, the purchase is put through and a bill is sent.......Thus a card thief would
not only have to gain access to a holder's credit-card number, but would also have to
gain access to break the digital keys to make the purchase"14

A digital signature results from the association of three essential elements namely a
document, an encryption technique and a certificate. The encryption and the
certificate are essential for identifying the author and guaranteeing the
authentication of the document.

The most common encryption used by digital signature technology is public key
encryption techniques (PKI); using two encryption keys known as private and public
keys. Whereby the signatory of the document(s) and/or communication(s) encrypts
them by means of a private key. The recipient then deciphers the coded message
using the public key. The recipient can on receipt of the document check the identity
of the signatory and verify the integrity of the message by calculating the impression
and comparing it with that which is deciphered. Where the two are identical it means
that the content has not been tampered with15.

II Digital Signatures, Digital Certificates and Authentication

Authentication is an essential requirement to enforce access control, determine who


is authorised to receive or modify information, enforce accountability and achieve

14
Jared Sandberg, "Visa to Introduce Codes to Protect On-Line Purchases", Wall Street Journal, Sept. 22 at
B2.
15
Alexandre Menais and Sophie Des Courtiis "Electronic Signatures in France" - COMPTLR 2002, 8 (8) 204-
205

8
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003
non repudiation.16 Digital signatures, authenticated with reference to
certificates administered within a “public key infrastructure” bear tremendous
promise as

a solution to the problem of establishing the identity of parties doing business in


cyberspace.

The Certification Authorities role is to authenticate the ownership and characteristics


of the public key ensuring that it can be trusted. Once the Certification Authority is
satisfied that it is correct, it will issue a certificate containing the key and other
details.17

The certificate will be digitally signed with the Certification Authority's private key to
establish the correlation with the key owner. When the Certification Authority's public
key is added, a simple automatic verification is possible. Consequently the recipient
must have confidence in the Certification Authority 18 and it is essential for
Certification Authorities to trust each others authority. Therefore, there exist methods
of certifying the Certification's Authority's identity and authenticity of the issued
certificate (self-certification, cross-certification and root).19

Once the Certification Authority has verified the identity of the signatory, anyone who
reviews the certificate may rely on it unless it has been publicly revoked. If the
certificate is incorrect the Certification Authority may be held liable for any damages
incurred by the recipient.

The use of technology in relation to trusted third parties provides an efficient system
of establishing a secure and user friendly environment for B2C e-commerce.

Advantages of Digital Signatures

As depicted by my essay so far, it is evident that digital signatures offer better


security, reliability and transparency in B2C e-commerce by minimizing the risk of

16
Ford W & Baum M S (1997) "Secure Electronic Commerce: Building the infrastructure for digital
signatures and encryption" (Prentice Hall, Inc., New Jersey) at pp 126
17
Jane K. Winn, "The Emperor’s New Clothes: The Shocking Truth about Digital Signatures and Internet
Commerce", Idaho Law Review Symposium on The Uniform Electronic Transaction Act (UETA).
18
John Angel and Rico Colleja "European Commission: Computers-Encryption", COMPTLR 1998, 4(2), N25-
27.
19
Ibid.

9
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003
fraud, or persons who attempt to escape responsibility by claiming to have been
impersonated. They satisfy the need for message integrity by preventing
unauthorized access to data, detecting any message tampering and diminishing the
danger of online malpractice. Therefore open network systems can be gratified with
efficiency in data interchanges

between businesses and consumers promoting cost effective and safe information
exchange that respects the consumers' right of privacy. 20

Comparison of Digital and Hand Written Signatures

Digital signatures share a likeness with their physical world counterpart such as: -

• Both provide security by way of authentication, data integrity, and non-repudiation.

• Both have legal standing.

However there are numerous dissimilarities between Digital and Hand written
signatures as envisaged below21: -

• A handwritten signature is biologically linked to a specific individual, whereas


a digital signature relies on a private signature key and procedures
implemented by a Certification Authority.

• Handwritten signatures are under the direct control of the signer, whereas
digital signatures must be applied by a computer command.

• The mechanisms of forgery and the detection of such forgery are


fundamentally different.

• The data integrity service provided by digital signatures is much stronger than
that provided by handwritten signatures.

20
Spyrelli, C, "Electronic Signatures: A Transatlantic Bridge? An EU and US Legal Approach Towards
Electronic Authentication", The Journal of Information, Law and Technology (JILT) 2002(2)
<http://elj.warwick.ac.uk/jilt/02-2/spyrelli.html>
21
<http://www.hat-hat.com/academia/digitalsignature.ppt>

10
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003
• Handwritten signatures can be witnessed, whereas digital signatures can only
be notarized.

• Handwritten signatures can be verified in perpetuity, whereas digital


signatures will soon become unverifiable due to data processing equipment
and cryptographic standards obsolescence and certificate expiration.

• Handwritten signatures are inherently secure against repudiation whereas


digital signatures require third party time-stamping to augment their non-
repudiation security service.

• Handwritten signatures are all roughly equivalent in the level of security they
provide. While digital signatures vary widely in the strength of the security
services they offer, depending on the certificate policy associated with the
signer.

• Handwritten signatures are simple and easy to understand. Digital signatures


are fiendishly complex, involving arcane number theory, the workings of
computer operating systems, communication protocols, certificate chain
processing, and certificate policies.

Following from the above therefore, it is evident that digital signatures are indeed
useful in B2C e-commerce to encourage consumers to trust and have confidence in
online transactions, by providing an avenue through which e-documents and/or data
can be sent from one party to another with an assurance of identity, authenticity,
integrity, and non-repudiation. However, without legal remedies for the flaws of
online transactions, privacy, security, and numerous other ingredients that will be
discussed later on in my essay, digital signatures cannot solve the predicament of
the lack of confidence that assails the development of B2C e-commerce.

11
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003

PART II: PLACING DIGITAL SIGNATURES IN A LEGAL


FRAMEWORK

Digital signatures are widely recognised as imperative for the development of e-


commerce and the ability to make binding, trustworthy and non reputable contracts
online. Legislators have developed three basic approaches for Digital Signature
legislation specifically: -

i The Minimalist approach

This approach aims at uniform use, recognition and enforceability of digital


signatures by removing legal obstacles from online commerce, avoiding new
regulations and establishing a technology-neutral status (e.g.) UNCITRAL Model Law
on Electronic
Commerce, UETA and E-SIGN.22 Legislation that follows this approach defines
circumstances under which electronic signatures will fulfil the existing legal
requirements for tangible signatures.

ii The Prescriptive Approach

The Prescriptive approach creates a legal framework for the operation of digital
signatures whether or not other forms of secure authentication are allowed.
Legislation and regulations embodied in this approach require public key encryption,
impose certain operational and financial requirements on Certification Authorities and
specify circumstances under which reliance on digital signatures is justified. The
focus centres on the establishment of a legal framework for the operation of digital
signatures as well as a reflection of formal requirements applicable in offline
transactions23. International regulations under this approach adopt PKI as the
approved technology of generating digital signatures (e.g.) ABA -Digital Signature

22
Spyrelli, C, "Electronic Signatures: A Transatlantic Bridge? An EU and US Legal Approach Towards
Electronic Authentication", The Journal of Information, Law and Technology (JILT) 2002(2)
23
ibid

12
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003
Guidelines24and EU wide standardisation initiative (EESSI)25. This approach aims at
ensuring that digital signatures can fulfil the

requirements of identification, authentication and non repudiation in e-commerce, in


the most reliable way.

iii The two tier approach

This approach creates a general framework for electronic authentication but also
specifies standards for the use of digital signatures granting minimum recognition to
most authentication technologies while at the same time incorporating provisions for
digital signatures. It provides time resistant regulations by setting requirements for e-
authentication methods with minimum legal power, attributing greater legal effect to
widely used techniques. It does not specify only one technology but leaves room for
future technologies to develop 26
(e.g.) UNCITRAL Model Law on Electronic Signatures.

Legislation

"The legal significance in a signature does not lie in the form of the signature but in
the information it conveys"27

Due to the fact that electronic commerce provides new ways to commit old crimes, 28
and numerous statutes require certain contracts to be in writing, there has been an
explosion of legislation worldwide that has codified digital signatures into law. For
example Germany has introduced the Digital Signature Law, France has enacted a
law introducing trusted third parties, Belgium, Italy and Sweden have also introduced
similar legislation. In Latin America, Colombia has approved a digital signature law.
24
<http://www.abanet.org/scitech/ec/isc/dsgfree.html>
25
<http://www.ict.esti.org/eessi/final-Report.pdf>
Spyrelli, C, "Electronic Signatures: A Transatlantic Bridge? An EU and US Legal Approach Towards
Electronic Authentication", The Journal of Information, Law and Technology (JILT) 2002(2)
26
<http://www.ict.esti.org/eessi/final-Report.pdf> Spyrelli, C, "Electronic Signatures: A Transatlantic Bridge?
An EU and US Legal Approach Towards Electronic Authentication", The Journal of Information, Law and
Technology (JILT) 2002(2)
27
Vaughan J., Stewards, T., Kelso R., "Study of the Law of Internet Commercial Transactions" (1997) at p 34
28
Swindells C et al, "Legal Regulation of Electronic Commerce" 1998 (3) The Journal of Information, Law
and Technology (JILT)
27

28

13
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003
And Israel has published a bill that regulates signatures on electronic media such as
e-mail and e-commerce. All of these examples demonstrate that digital signatures
are gaining

momentum, validity and legality for use in electronic business transactions in general
and B2C e-commerce in particular.29

Having browsed through the various approaches that digital signature legislation can
take as illustrated above, I shall take a brief glance at a few examples of significant
legislation introduced by the United Nations, United Kingdom and United States that
provide for, promote and/or regulate the use of digital signatures, thus facilitating
B2C e-commerce.

UNCITRAL (United Nations Commission on International Trade Law) Model Law on


Electronic Commerce 1996 30

In June 1996 the Model Law was completed by UNCITRAL and approved by the
General Assembly by non-vote resolution, for regulating electronic commerce. It is
similar to the US proposal for a Commercial Code however; its effects are not
binding. The onus is upon individual nations to adopt legislation based on the US
model.31

Articles 5 provides that


"Information shall not be denied legal effect, validity or enforceability solely on
grounds that it is in the form of a data message"

Art 7(1) states that

29
UNCITRAL Model Law on Electronic Commerce with Guide to Enactment (1996) U.N. Doc
a/cn.9/ser.a/1996
30
<http://www.uncitral.org/english/electcom/index.htm>
31
Swindells C et al, "Legal Regulation of Electronic Commerce" 1998 (3) The Journal of Information, Law
and Technology (JILT)

14
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003
"A data message meets the legal requirement of a signature if a method is used to
identify the person and indicates the person's approval of the contents of the message
and that method is as reliable as appropriate under the circumstances"

The Electronic Signatures Directive

This legislation was introduced by the European Union (EU) as a Signature Directive 32

and lays down the minimum requirements for digital signature certificates and
certification services and requires legal recognition of digital signatures to the same
extent as written signatures, especially in cross border transactions. It also
distinguishes between electronic signatures in general and advanced electronic
signatures. In brief 33
it gives legal recognition to digital signatures and also
envisages co-operation with third countries to enable the recognition of digital
signatures that have been certified by a Certification Authority in a third country,
provided that the Certification Authority meets the requirements of the directive or
is situated in a country which has negotiated an agreement with the EU.

The Electronic Communications Act 2000 (ECA)

This Act by virtue of Section 7 provides for the admissibility of digital signatures and
related certificates in legal proceedings.

United States Legislation

U.S. legislation aims at uniform use, recognition and enforceability of digital


signatures by establishing a technology-neutral status, removing legal obstacles from
online commerce, and avoiding new regulations.

32
1999/93/EC...on a community framework for electronic signatures which came into force on 19th January
2000 with the primary objective of discouraging the divergence between various states treatment of
electronic signatures and in particular creation of barriers to free trade within the EU
33
the definitions being as follows
1) electronic signature means data in electronic form which are attached to or logically associated
with other electronic data and which serve as a method of authentication;
2) advanced electronic signature means an electronic signature which meets the following
requirements:
a) it is uniquely linked to the signatory
b) it is capable of identifying the signatory
c) it is created using means that the signatory can maintain under his sole control; and

15
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003

Electronic Signatures in Global and National Commerce Act (Electronic Signatures


Act)

In 2000, Congress enacted the Electronic Signatures in Global and National


Commerce Act (Electronic Signatures Act-E-SIGN)34 which provides for a
federal legal framework for e-commerce. It provides the basic rule of digital
signatures and electronic contracts by making them applicable
notwithstanding any statute, regulation or rule of law. It establishes that a
signature related to interstate or foreign transactions cannot be denied legal
effect because it is in electronic form, subject to certain exceptions. E-SIGN
seeks to promote electronic commerce by permitting and encouraging the use
of electronic records and signatures in transactions in interstate and/or foreign
commerce."35 Generally, E -SIGN provides that, with respect to any
transaction 36
within its scope, a signature, contract or other record relating to
the transaction may not be denied legal effect, validity or enforceability solely
because it is in electronic form.37 Similarly, E-SIGN provides that a contract
relating to such transaction may not be denied legal effect, validity or
enforceability solely because an electronic signature or electronic record was
used in its formation38

Uniform Electronic Transactions Act (UETA)39

UETA establishes that where a law requires a signature, an e-signature (sound,


record, or process attached to or logically associated with a record and executed or
adopted by a person with the intent to sign the record) will suffice. An e-signature is
attributable to a person if it can be shown in any manner to be an act of the person.

34
Electronic Signatures in Global and National Commerce Act, Pub. L. No. 106 -229, 114 Stat.464 (2000
35
Joseph. A. Zavalette, J.D.,"Using E-Dispute Technology to Facilitate the Resolution of E-Contract Disputes:
A Modest Proposal", University of Florida Journal of Technology Law and Policy, June 2002, Vol 7, no 1.
E-SIGN preamble
36
E-SIGN section 106(13) [15 U.S.C. 7106(13)] defines the term "transaction" generally to mean "an action
or set of actions relating to the conduct of business, consumer or commercial affairs between two or
more persons."
37
E-SIGN section 101(a) (1) [15 U.S.C. 7001(a) (1)]. Note, however, that section 101(e) of E-SIGN [15 U.S.C.
7001(e)] provides that legal effect, validity or enforceability may be denied to a contract or other
record required to be in writing that is kept in electronic form if the electronic record is not in a form
that is capable of being retained and accurately reproduced for later reference by all involved parties
38
E-SIGN section 101(a) (2) [15 U.S.C. 7001(a) (2)]
39
State initiative developed by t he National Conference on Commissioners on Uniform State Laws in July
1999 - as of September 1, 2001, adopted by twenty three (23) states

16
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003

Despite the widespread support that electronic commerce has received from
governments worldwide, a certain degree of uncertainty remains regarding the legal
validity of online transactions such as the conclusion and repudiation of online
contracts. Digital signature legislation should seek efficient and just solutions to the
facilitating of electronic form and means.40

Case Law

"There has been no case law challenging whether a digital signature is legally
binding.....Everybody's fear is that some piece of the puzzle would lead some party in the deal to
get stuck with a transaction that doesn't have money on the other side" Larry Zanger, Chairman
of McBride Baker& Coles, a Chicago - based IT and e-commerce law firm. 41

One case which supports the use of digital signatures is the first English decision
about electronic signatures; the case of Standard Bank London Limited Vs Bank of
Tokyo Limited 42
where it was clearly established that where a system of reliance on
electronic signatures is well established, the courts will consider this and place the
burden upon the holder of the key to take every possible precaution to ensure
against misuse or fraud of the key and not on the party receiving the authenticated
message to investigate its authenticity. The facts of this case are as follows:

Three letters of credit were issued to the Standard Bank London Limited by the Bank
of Tokyo Limited in the amounts of US$ 5,000,000 (Five million United States
Dollars), US$ 4,000,000 (Four million United States dollars) and US$ 10,000,000 (ten
million United States
dollars) respectively. The authenticity of the signatures had been verified by a tested
telex authorised and sent by the Bank of Tokyo.

The Standard Bank London Limited made loans to the tune of the value of the letters
of credit. And assigned the second and third letters of credit to Sudwestdeutsche

40
Graham Smith "Legislating for Electronic Transactions" , Internet Law and Regulation, Sweet and
Maxwell, 2002
41
Digital Signatures by Deborah Radcliff , Computerworld, April 10,2000
42
Times April 15, 1995 (QBD (Comm. Ct)

17
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003
Landebank Girozentrale. The latter, on receiving tested telex’s from the Bank of
Tokyo confirming the authenticity of the signatures, released funds to Standard Bank
of London Limited and kept the first letter of credit to claim under it on maturity.

When it was discovered that the tested telexes sent to the Standard Bank London
Limited and Sudwestdeutsche Landebank Girozentrale were sent by fraudsters the
two banks sued the Bank of Tokyo for negligent misrepresentation.

The Court held as follows: -

1. Where a clear representation was made in the ordinary course of business,


normally the recipient would be fixed with notice of dishonesty, or of facts that
should put it on inquiry as to dishonesty, or if it had been wilfully blind. Want of
probity would normally be necessary rather than mere negligence. The more
usual the circumstances and the clearer a representation appeared to be, the less
the duty to inquire should be, and the less likely there would be circumstances
which would put anyone on inquiry.

2. Neither Standard Bank London Limited’s employees nor anyone with the bank
was put on notice of any fraud in the underlying transaction. Therefore Standard
Bank London Limited was entitled to rely on the relevant authenticated document
and to present conforming documents under the first letter of credit.

3. When the bank of Tokyo was asked by Sudwestdeutsche Landebank Girozentrale


for authentication the former owed the latter a duty of care to ensure the
authenticity of
the signatures. There was therefore negligence on the Bank of Tokyo’s part and
Sudwestdeutsche Landebank Girozentrale was therefore entitled to recover. 43

43
Graham J. H. Smith "Telecommunications: Electronic Signatures" COMPTLR 1996, 2 (1), T17, Sweet &
Maxwell Limited

18
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003

PART III: OBSTACLES TO THE DEVELOPEMNT OF B2C E-


COMMERCE

Shortcomings of Digital Signatures

"While the cryptographic principles behind digital certificates are widely accepted, the
technology surrounding them remains far from bullet proof...Furthermore the general
public remain woefully unprepared to safeguard its own security...And the
accumulation of personal data such as social security, birth date, and account
numbers stored in an easy package like a digital certificate could prove easy pickings
for anyone who gains control over a computer, either through broadband connection
or by stealing a laptop.44

Digital signatures have the potential to have a great impact on B2C e-commerce by
allowing us to identify ourselves and make commitments in cyberspace in much the
same way as we do in actual space. Nonetheless, digital signatures have significant
limitations, the most significant being their temporary nature. The disadvantages of
digital signatures that hamper the growth of B2C e-commerce and contribute to the

lack of confidence that assails such growth include the following: -

Public Key Infrastructure (PKI) which is widely used for digital signatures like most
key recovery systems is inherently less secure, more costly and more difficult to use
than similar systems without a recovery feature. Key recovery degrades many of the
protections available from encryption, such as absolute control by a user over the
means to decrypt data. Furthermore, a global key recovery infrastructure can be
expected to be quite complex and costly. The impact of key recovery can be
considered in three dimensions45 namely: -
i Risk
44
"E-Signatures at your Online Broker? Better Be Careful, Douglas Harbrecht, Business Week Online ,
December 12 ,2000
45
The risks of Key recovery, Key escrow and trusted third party encryption
<http://www.crypto.com/key_study>

19
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003
ii Complexity
iii Possible Economic Cost

i Risk

The Failure of key recovery mechanisms can jeopardize proper operation of digital
signatures, leading to loopholes in confidentiality and ultimate security (e.g.) where
there exists the improper disclosures of keys or theft of valuable key information.46

ii Complexity

" Digital signatures are coming but they are not here yet. Legal and Technical barriers
still stand in the way of widespread adoption.47

Although it may be possible to make key recovery reasonably transparent to end


users of encryption, a fully functional key recovery infrastructure is an extraordinarily
complex system, with numerous new entities, keys, operational requirements and
interactions. Therefore making digital signatures less user friendly.

Lack of High speed Internet access may prove to be another stumbling block for
small businesses seeking to enter the digital signing age. 48
While efforts have been
made over the last year to design key recovery systems for commercial purposes,
they do not alleviate the concerns raised by deployment at the scale and in the
manner required to meet government demands. The design of secure key recovery
systems remains technically challenging, and the risks and costs of deploying key
recovery systems are poorly understood.

iii Possible economic cost

Lack of common technology to be used for all transactions and technology barriers
-means that although both small and medium sized companies may receive digital

46
ibid
47
ibid
48
ibid

20
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003
signature capabilities form application service providers; their equipment may need
costly upgrades to be compatible with new software.49

Privacy Implications

"Digital signatures won't do away with criminals. In fact, it will give some of them a
new hunting ground. The hacker's pot of gold at the end of the server just got bigger"
50

Ordinary digital signatures have a fundamental limitation; like many cryptographic


techniques, security guarantees last only as long as secrets remain unrevealed. If the
secret signing key becomes known to an adversary one cannot trust any signature
produced with that key regardless of when. If a secret decryption key becomes
known to an adversary then any encrypted message even if it was sent long before is
not guaranteed to remain private. This would mean therefore that the secret key of a
signer (past and future) could become worthless. This limitation undermines the non-
repudiation property that digital signatures are often intended to provide.

Authentication

Digital signatures can only authenticate the source and not the content of a data
packet. This is disadvantageous for example during a malicious attack or sabotage
where a malicious node returns erroneous data. The node can be either an internal
saboteur who is a participating volunteer or an external spoofer. Therefore a node
that is not a volunteer can send forged messages that look like they came from one
of the volunteers.

Identification

Public Key cryptography guarantees the integrity of the message but does not
guarantee the identity of the sender (public key owner). 51
However the paramount

49
Jesse Berst, "Sign of Trouble: The Problem With E-Signatures" ZDNet, Monday July 17, 2000
50
ibid
51
Swindells C et al, "Legal Regulation of Electronic Commerce" 1998 (3) The Journal of Information, Law
and
Technology (JILT)

21
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003
draw back of this is the fact that one cannot be absolutely sure that the person
sending the message is not using a third party’s digital signature. Only the physical

presence of the signatory at the time of the attribution of a digital signature allows
optimal security, by the establishment of a link between the signature and the person
designated by this signature.

Other obstacles to the development of B2C E-Commerce

"The lack of consumer contractual protections is indirectly costing merchants and


52
consumers the most important intangible commodity in cyberspace: trust"

It is believed that the main factor hindering the development of B2C e-commerce is
consumers’ lack of confidence in providing their credit card details over the internet,
despite the fact that it is believed to be more secure to give your details on the
internet than over the phone. This is mainly due to the noticed insecurities typical to
open networks; messages that can be intercepted and manipulated, the validity of
documents that can be denied and personal data that can be illicitly collected. In
light of this, security issues relating to online transactions are paramount in
importance if B2C e-commerce is to flourish.

"A hacker today is sort of like the guy who goes around rattling all the windows and
53
doors in a neighbourhood, and there is a pretty good chance he will find one open"

There are numerous factors which lead to breach of consumers' security and
subsequently evasion of consumers' privacy which thus contribute to the lack of
confidence in B2C e-commerce,

"...Almost every website you visit is trying to plant cookies on your computer....Your
every move on the internet is being recorded by someone somewhere"54

52
- Digital Signatures by Deborah Radcliff , Computerworld, April 10,2000
53
Lizette Alvarez & Jeri Clausing, Senate Approves Bill that Allows Online Contracts, N.Y. Times June 17,
2000 at A1 (quoting Senator Ronald Wyden of Oregon, sponsor of the Electronic Signatures in Global
and National Commerce Act ("E-SIGN")
54
"No hiding place: The protection of privacy will be a huge problem for internet society" The Economist,
(Digital dilemmas; A survey of the internet society) January 25th 2003 at p.5

22
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003

Special devices used by content providers to improve the access to and services
offered on their websites clearly contribute to the lack of online security. (e.g.)
cookies which

make it possible for a web server to recognise a web client and enables certain
features that are useful for surfing and on-line commerce, at the same time they also
enable the
surreptitious collection of information from the user. Many sites that enable cookies
do not inform the user that information about them being placed on their system.
To add insult to injury, technically speaking, with each visit to the internet a
consumers online stroll can be traced as data is collected. Electronic recording of
"click stream" data may take place at various levels including the proxy servers, or
servers of the access or content providers. 55

Lack of privacy policies provided by online businesses and/or Websites

Even though privacy is one of the top most concerns of internet users, few websites
today actually have privacy policies or provide users with information about privacy
practises. Many Internet sites collect personal information from users through online
registration, surveys and forms while information is also collected surreptitiously with
cookies. When the Electronic Privacy Information Centre (EPIC) reviewed 100 of the
most frequently visited web sites ranked by the website www.top100hot.com to see if
those that collected personal information, had established privacy policies, they
discovered that none of these web sites met the basic standards for privacy
protection.56

Another invasion of privacy and security emanates from identity fraud. The internet
provides a good breeding ground for the villains who perpetuate identity theft and
fraud" "57

Lawrence. E. Williams, a New Orleans bank employee opened accounts at Internet


bank Wingspan and other Internet Bank or credit card accounts under the names of a

55
Data Protection and Privacy on the Internet: Technical Considerations and European Legal Framework by
Tanguy Van Overstraeten and Emmanuel Szafran at the conference held on October 24-25, 2000 by
Hawksmere Business Law International in Amsterdam on the legal aspects of International E-Commerce.
56
Surfer Beware: Personal Privacy and the Internet June 1997 and Surfer Beware II Notice is not Enough -
June 1998 - Electronic Privacy Information Centre - at http://www.epic.org/
57
"E-Signatures Wait to Make Their Mark" Julie Fields, Business Week Online, January 25, 2001

23
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003
number or prominent local citizens. Through his job at the bank he accessed his
58
victims' personal information.....

In today's booming e-commerce market, a hacker's diligence stands to be


handsomely rewarded. Therefore risks in B2C e-commerce do not only lie on the
consumer side but also apply to businesses as well. These risks are two fold since
businesses that wish to transact via the Internet have to protect their customers from
hackers and also protect themselves contractually from dishonest consumers. 59

There are numerous fears and problems of online B2C e-commerce as envisaged
above therefore, useful though they may be digital signatures alone cannot
overcome the lack of confidence that assails the development of B2C e-commerce.

PART IV THE FUTURE OF DIGITAL SIGNATURES AND B2C E-


COMMERCE

Although digital signatures are the latest authentication tool in the continuing
advancement of communications technology it seems unlikely that digital signatures
will fully replace handwritten signatures in the foreseeable future. Handwritten
signatures are advantageous because they are fast, cheap, easily understood, and
last forever. With consumers already concerned about revealing credit-card numbers
online, the prospect of losing the last bastion of personal security- the handwritten
signature- is daunting. 60

Handwritten signatures will probably continue to be used for authenticating


documents such as treaties and signing bills into law. According to Sunil. K. Roa61 the
future of digital signatures is as follows: -

58
Identity Fraud - The Great E-Commerce Roadblock - Paul A. Greenberg, E-Commerce Times, July 12,
2001
59
University of Richmond Law Review, January 2002, Digital Handshakes in Cyberspace under E-SIGN
"There's a new Sheriff in Town" Michael H.Dessent.
60
"E-Signatures: Unsigned, Unsealed, Undelivered, Paul A. Greenberg, E-Commerce Times, June 5, 2001
61
Sunil K.Rao "A Digital Signature Architecture and Roadmap" Paper for MIT 6.805/STS085: Ethics and Law
on the Electronic Frontier, Fall 1999

24
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003
• The use of digital signatures for high-value financial transactions outside the
protection of trading partner agreements is likely to proceed relatively slowly,
until experience with the risks associated with use of digital signatures is accrued.

• Initial use of digital signatures is likely to be limited to applications where long-


term archival is not very important, such as purchase orders, electronic funds
transfers and authentication of on-line services. Applications requiring long-term
archival such as birth and death certificates, deeds and government records will
probably require the establishment of electronic data archival centers capable of
verifying digital signatures, and associating the verified data with the identity of
the signer.

• Current laws dealing with digital signatures seem to have glossed over or
overlooked long-term non-repudiation. These laws will most likely be revised over
the next five (5) years or as the practical limitations of digital signature archival
manifest themselves.

• Applications requiring high levels of non-repudiation assurance will likely require


the use of digital time-stamping (or notary)
services. These services may be provided by commercial or government entities.

• At some point a clever cyber-criminal will commit a fraud through compromise of


a private signature key, or by seizing control
of the legitimate signer’s computer. When this happens, it will probably be a
major news event, and the whole concept of digital signatures will be
called into question, notwithstanding the fact that handwritten signatures do
not provide perfect security assurance either. The future of the use of digital
signatures will depend greatly on the early court decisions concerning who is
held liable for losses, and the success of the prosecution’s efforts.

CONCLUSION

25
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003
"Despite the dotcom boom and bust, the computer revolution has barely begun. Over
the next few decades, the internet and related technologies really will profoundly
transform society", argues David Manasian62

In order to tackle the problem of the privacy implications of digital signatures and
reduce the potential of damage, forward security should be used to ensure that
secrets are used only for short periods of time and that compromise of a secret does
not affect anything based on secrets from prior time periods. (e.g.) key evolving
signature

scheme.63 Forward secure signature schemes are meant to preserve the validity of

past signatures even if the current secret key has been compromised.64 This would
provide a viable alternative to PKI infrastructure.

Biometrics which is more inline with classic examples of signatures 65 can serve as an
alternative to digital signatures. It is the method of signing an electronic document
which uses a pen attached to a digitalizing pad to record the physical signature of the
maker of the document. This is normally displayed in a window on the screen of the
computer to which the distinguishing pad is connected.66 The use of a light pen and
the emulation of the physical action of signing manually provide a more direct means
of identifying an Individual by means of physical measurements uniquely associated
with the individual.67 Although there are many types of biometrics, a person has but
one or two biometric signatures68. Its virtue is that biometrics, which are unique to a
given human being and are not capable of being forged or stolen.69

"In a couple of years, when technology improves, your signature could be an image of
your retina, your fingerprint, or your face scanned by computer and matched with a bit
of numeric code lodged on the servers of security companies that you've signed on
with". In Short digital signatures legislation provides a framework but not more than

62
"Digital dilemmas; A survey of the internet society" The Economist January 25th 2003 at p.3
63
Silvio Micali and Leonoid Reyzin "Improving the exact Security of Digital Signature Schemes" August 15,
2000.
64
Gene Atkins and Leonid Reyzin Forward Secure Signatures with Optimal Signing and Verifying
<http: // theory.lcs.mit.edu/˜reyzin>
65
Robert Moskwowitz, "What's "E" about Signatures?", Network Computing, September 18, 2000
66
See Wright "Alternatives for Signing Electronic Documents" (1995) 11 CLSR 136.
67
R Jueneman, R Robertson, Jr "Biometrics and Digital Signatures in Electronic Commerce" 1998,
Jurimetrics 427
68
Robert Moskwowitz "What's "E" about Signatures?", Network Computing, September 18, 2000
69
Georgios I Zekos. Legal Problems in Cyberspace, Department of International Economics, Democritos
University of Thrace, Amvrosia-Komotini, Greece at p.73

26
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003
that. "What is considered a digital signature is somewhat vague" says Jun of
Cryptography Research
"That's good because it can add to some differentiation in the market. That's not good
because it can add to confusion in the market". And until businesses can figure out
how to eliminate this confusion, digital signatures won't replace hand written
signatures70

In order for electronic commerce in general and B2C e-commerce in particular to


prosper and become one of the key drivers of the global information society, security
must be top priority. The Internet will continue to impact business as new paradigms
for enforcement of digital signatures created by online transactions are established.
In the final analysis therefore it is right to assert that

"useful though they may be digital signatures alone cannot overcome the lack of
confidence that assails the development of B2C e-commerce".

70
. "What do E-signatures Mean For you "Business Week Online June 20, 2000

27
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003

BIBLIOGRAPHY

Legislation, Research Papers and Reports

American Association Bar (ABA), Digital Signature Guidelines (1996):


<http://www.abanet.org/scitech/ec/isc/dsgfree.html>.

Commission Welcomes New Legal Framework to Guarantee Security of Electronic


Signatures: <http://europa.eu.int/comm./internal_market/en/media/sign/99-
915.html>.

Directive 1999/93/EC of the European Parliament and of the Council of 13 December


1999 on a Community framework for electronic signatures, OJ L013,19.1.2000,p.
0012-0020: <http://europa.eu.int>.

Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000
on certain legal aspects of information society services, in particular electronic
commerce, in the Internal Market ('Directive on electronic commerce'), OJ L178.

2000/709/EC: Commission Decision of 6 November 2000 on the minimum criteria to


be taken into account by Member States when designating bodies in accordance with
Article 3(4) of Directive 1999/93/ec of the European Parliament and of the Council on
a Community framework for electronic signatures (notified under document number
C (2000) 3179) (Text with EEA relevance), OJ L289, 16.11.2000, p. 0042-0043:
<http://europa.eu.int>.

Commission notice pursuant to Article 19(3) of Council Regulation No 17 concerning


case COMP/37.462- Identrus (Text with EEA relevance), OJ C231, 11.08.2000, p.0005-
0008: <http://europa.eu.int>.

Declaration on Authentication for Electronic Commerce (Annex 3 of Conference


Conclusions)-1998, Ottawa: <http://www.oecd.org/>.

Electronic Signatures in Global and National Commerce Act 2000, (E-Sign Act) :<
http://thomas.loc.gov/cgi-bin/query/D?c106:6:./temp/~c106Nii0hw>.

A European Initiative in Electronic Commerce COM (97) 157:


<http://www.cordis.lu/esprit/src/ecomcom.htm>.

European Electronic Signature Standardisation Initiative (EESSI), Final Report of the


EESSI Expert Team, July 20, 1999: <http://www.ict.etsi.org/eessi/final-Report.pdf>.

OECD Guidelines on Cryptography Policy (1997): <http://www.oecd.org>.

UNCITRAL Model Law on Electronic Commerce (1996) : <http://www.uncitral.org>.

28
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003
UNCITRAL Uniform Rules on Electronic signatures with guide to enactment (2001) :
<http://www.uncitral.org/english/sessions/wg_ec/wp-86.pdf>.

UNCITRAL Model Law on Electronic Signatures (2001) : <http://www.uncitral.org>.

Uniform Electronic Transactions Act (UETA) :


<http://www.nccusl.org/uniformact_summaries/uniformacts-s-ueta.htm>.

Research papers

Global Business Dialogue on Electronic Commerce (GBDE), 'The Paris


Recommendations', Authentication and Security, September 13, 1999:
<http://www.gbd.org/acrobat/paris99.pdf>.

Global Information Infrastructure Commission (GIIC), Electronic Commerce: A


Comparison of US, EU, MITI and GIIC Reports on Electronic Commerce, March 27,
1998: <http://www.giic.org/focus/ecommerce/eccompares.htm>.

ICC, Creating trust in e-business -ICC guidelines updated, 2001:


<http://www.iccwbo.org/home/news/archives/2001/guidec_two.asp>.

International Chamber of Commerce (ICC), General Usage for International Digitally


Ensured Commerce-GUIDEC (version II) :
<http://www.iccwbo.org/home/guidec_two/contents.asp>.

Internet Law and Policy Forum (ILPF), REPORT: An Analysis of International Electronic
and Digital Signature Implementation Initiatives, Presentation and international
discussion, September 10, 2000: <http://www.ilpf.org/groups/report_IEDSII.htm>.

Kuner, C, Barceló, R, Baker, S and Greenwald, E (2000), An Analysis of International


Electronic and Digital Signature Implementation Initiatives, A Study prepared for the
ILPF by The Brussels office of Morrison & Forester LLP and the Washington, DC office
of Steptoe & Johnston LLP, September, 2000:
<http://www.ilpf.org/groups/analysis_IEDSII.htm>.

Journal Articles

Approaches in Electronic Authentication Legislation:


<http://rechten.kub.nl/simone/DS-art4.htm>.

Akdeniz, Y, Clarke, O, Kelman, A, Oram, A (1997), 'Can the Trusted Third Parties be
Trusted? A Critique of the Recent UK Proposals', The Journal of Information, Law and
Technology (JILT), 1997 (2) :
<http://elj.warwick.ac.uk/jilt/cryptog/97_2akdz/akdeniz.html>.

Angel, J (1999), Why use Digital Signatures for Electronic Commerce? The Journal of
Information, Law and Technology (JILT) 1999 (2) :
<http://elj.warwick.ac.uk/jilt/99-2/angel.htm>.

Alston & Bird LLP (2000), How the New E-Sign Act Will affect E-Commerce:
<http://www.gigalaw.com/Articles/alston-2000-06-p2.htm>.

29
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003

Ballard, M (2000), E-Sign: A Nudge, Not a Revolution: Oct.1 is big day for E-signature
implementation, but states, business have work to do, The National Law Journal,
September 19, 2000: <http://www.law.com>.

Beary Elizabeth J.D., The Digital Signature Debate: Technology Neutral or Specific,
M.B.A. 1998 <http: // raven.cc.ukans.edu/~cybermom/CLJ/beary.html>

Biddle Bradford C. Legislating Market winners: Digital Signature Laws and the
Electronic Commerce Marketplace
<http://www.w3journal.com/7/s3.biddle.wrap.html>

Biddle Brad CFP 97: WORKSHOP: Public Key Infrastructure and & Digital Signature &
Legislation, CFP 97: WORKSHOP: <http://www.state.mu.us/itd/legal/biddle1.htm>

Bohlman E "privacy in the Age of Information" The Journal of Information, Law and
Technology (JILT) 2002 (2) <http://elj.warwick.ac.uk/jilt/02-2/bohlman.html>

Bohm et al "Electronic Commerce: Who carries the Risk of Fraud? 200(3) The Journal
of Information, Law and Technology (JILT) <http://elj.warwick.ac.uk/jilt/00-
3/bohm.html>

B L, European Commission Approves Network for E-Signature Authentication, EMDM


(Web Watch), October 2001:
<http://www.devicelink.com/emdm/archive/01/10/013e.htm>.

Brice, W, Electronic Signatures in the Real World:


<http://www.messageq.com/security/brice_1html>.

Ching Lance C, Electronic Signatures: A Comparison of American and European


Legislation 25 Hastings Int'l & Comp.L.Rev 199

Colleja Rico European Union: Electronic Commerce - Digital Signatures- COMPTLR


1998, 4(6), N105-106
Dessent H. Michael Digital Handshakes in Cyberspace under E-Sign: There's a New
Sheriff in Town 35 URMDLR 943 January 2002

Downing, Robbie, and McKean, Ross, Digital Signatures: Addressing the Legal Issues,
Baker & McKenzie's London Office, <http://www.bmck.com/>
<http://www.bmck.com/ecommerce/Digital Signatures-Addressing the Legal
Issues.doc>.

30
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003

Ekuland Esa, Controlling and Securing Personal Privacy and Anonymity in the
Information Society <http://www.niksula.cs.hut.fi/~eklund/Opinnot/netsec.html>

Ford M "Identity Authentication and E-Commerce" 1998(3) The Journal of Information,


Law and Technology (JILT)<http://elj.warwick.ac.uk/jilt/98-3/ford.html>

Frank, D (2000), Europe Takes Lead on E-signs, Federal Computer Week, October 16,
2000: <http://www.fcw.com/>.

Fullingham David, A comparison of Digital and Hand Written Signatures, Paper for
MIT: Ethics and Law on the Electronic Frontier Fall 1997

Gamertsfelder Leif The Validity of Electronic Bills of Exchange: An Australian


perspective COMPTLR 1999, 5(1), 6-11

Green leaf Graham and Clarke Roger, Privacy Implications of Digital Signatures
<http://www.anu.edu.au/people/Roger.Clarke/DV/DigSig.html>

Johnston, M (2000), Digital Signatures Take Effect in US, NetworkWorldFusion News,


October 2, 2000: <http://www.nwfusion.com>.

Lipton Jacqueline, Protecting Valuable Commercial Information in the Digital Age:


Law, Policy and Practice, 6.1. J.TECH.L.POL'Y 2
<http://grove.ufl.edu/~ techlaw/vol6/Lipton.html> (2000)

Reed C "What is a signature?" 2000(3) The Journal of Information, Law and


Technology (JILT)<http://elj.warwick.ac.uk/jilt/00-3/reed.html>

Reed, P (2000), Consumers at Risk: A Litigation Nightmare with Electronic Signature


Laws, October 24, 2000: <http://law.about.com>.

Rennie Michele Electronic Commerce: A review of the European Commission's


proposed Directive COMPTLR 1999, 5(4), 93-97

Winn Kaufman Jane and Pullen Rhoades Michael, Esq. - Despatches from the Front:
Recent Skirmishes along the Frontiers of Electronic Contracting Law - ABA Business
Lawyer November 1999 Special Report: September 12, 2001:
<http://www.dabs.com/news/news-Article.asp?atype=newsfeed&Article=261>

31
"WOULD IT BE TRUE TO SAY THAT, USEFUL THOUGH THEY MAY BE, DIGITAL SIGNATURES ALONE CANNOT
OVERCOME THE LACK OF CONFIDENCE THAT ASSAILS THE DEVELOPMENT OF B2C E-COMMERCE" DISCUSS

Essay by Alice Lwanga: End of Module I; Electronic Commerce, 24th January 2003
Schulze Corina and Baumgartner Jeffrey, Do E-Commerce: A Beginners Guide to
European Law Affecting E-Commerce Published by the European Commission's
Electronic Commerce Team (Information Society Directorate General)

Sneddon Mark -Australia: Internet - Electronic Commerce Mark Sneddon -COMPTLR


1998 4(6), N89-90

Spyrelli, C Electronic Signatures: A Transatlantic Bridge? An EU and US Legal


Approach towards Electronic Authentication, The Journal of Information, Law and
Technology (JILT)<http://elj.warwick.ac.uk/jilt/02-2/spyrelli.html>

Stokes Simon - European Union: Electronic Commerce - legislation - COMPTLR 1998,


4 (7) N122-123

Swindells C et al "Legal Regulation of Electronic Commerce" 1998 (3) The Journal of


Information, Law and Technology (JILT) < http://elj.warwick.ac.uk/jilt/98-
3/swindells.html>

Swindells, C, Henderson, K, Legal Regulation of Electronic Commerce, The Journal of


Information, Law and Technology (JILT), 1998 (3) :
<http://elj.warwick.ac.uk/jilt/98-3/swindells.html>.

Links

Global Business Dialogue on Electronic Commerce (GBDE) : <http://www.gbd.org>.

Global Information Infrastructure Commission (GIIC): <http://www.giic.org>.

International Chamber of Commerce (ICC) : <http://www.iccwbo.org>.

International Telecommunications User Group (INTUG): <http://www.intug.net>.

World Information Technology and Services Association (WITSA):


<http://www.witsa.org>.

32

You might also like