BRIEFING PAPER
Background and Issues
Concerning
Authentication and the ITU
This Briefing and Issues Paper sets forth many of
the key issues for electronic signatures and certification authorities and
is intended to serve as the basis for discussions at the ITU Experts
Meeting in Geneva (9-10 December 1999).
This Paper has been prepared by Stewart BAKER and
Matthew YEO of the law firm Steptoe & Johnson, Washington, D.C., in
collaboration with the secretariat of the ITU.
The views
expressed in this Paper are those of the authors and do not reflect the
position of the ITU or its membership.
This Paper serves as a background document for
the International Telecommunication Union high-level Experts Meeting on
“Electronic Signatures and Certification Authorities: Issues for
Telecommunications”, to be held in Geneva on December 9-10, 1999.
As this Paper is intended for an expert audience, it assumes familiarity
with the principles of asymmetric cryptography, the operation of public
key infrastructures, and other aspects of authentication technology and
policy.
Our objective is not only to provide an overview of the state of the law
and technology in the area of authentication, but also to provide a
framework for a discussion of how the ITU can best facilitate the use and
interoperability of authentication technologies. It has been our
experience that, in many discussions of authentication issues – even
among experts – it can take an exceedingly long amount of time to reach
consensus on what the topic is, let alone to devise solutions.
In particular, we have found that the lack of a shared understanding on
two basic issues – the objectives of law and regulation in the area of
authentication and the likely applications of authentication technology
– often stands in the way of a common approach to the issues.
Thus, we will first attempt to “set the table” by reviewing these two
basic issues, and then turn to specific issues for the ITU to consider.
I. What Are the Objectives of Law and Regulation in the Area of Authentication?
A. Legislative Motivations … and Divergent Paths
The past several years have witnessed a remarkable
amount of legislative and regulatory activity around the world relating to
electronic signatures and the operation of public key infrastructures (“PKIs”).
The amount of attention that these issues have received is, quite frankly,
out of proportion to the commercial significance of authentication
technologies at the present time. There is a widespread belief,
however, that the further emergence of authentication technologies will
require the “enabling hand” of the law, if only to remove any
uncertainty as to the legal effect of electronic signatures. While
others are inclined to view law and regulation in this area as
unnecessary, the simple fact is that laws and regulations relating to
electronic signatures and PKIs are likely to continue to be adopted,
albeit in many different shapes and colors.
To simplify matters greatly, one can perceive two basic motivations behind
much of the recent legislative and regulatory activity.[1]
The first motivation, as suggested above, is simply to remove existing
legal obstacles to the recognition of electronic signatures and records.
Here, the principal goal is to ensure that electronic signatures and
records are, at least in most cases, allowed to fulfill any existing legal
requirement for a “signature” or a “writing.” This objective
can often be met by defining, in fairly broad terms, the circumstances
under which an electronic signature or record will be deemed to have
fulfilled any such requirement.
The second, and surprisingly unrelated, motivation behind legislative and
regulatory activity in this area is to establish a legal framework for the
operation of public key infrastructures. Some proponents of PKIs
have argued that, in order to facilitate the adoption and use of this
technology, legislators should prescribe regulatory standards for
certificate authorities (“CAs”) and allow CAs to limit their liability
when they comply with those standards. Legislation and regulations
designed to advance this objective typically enshrine asymmetric
cryptography as the approved means of creating an electronic signature,
impose certain operational and financial requirements on CAs, address the
duties of key holders, and describe the circumstances under which reliance
on an electronic signature is justified.
These two motivations converge, and are often in conflict, when it comes
to the basic question of what types of electronic signatures the law
should recognize. In general, those who are motivated by the desire
to remove obstacles to the use of electronic signatures prefer broad,
criteria-based definitions of what constitutes an electronic signature.
By contrast, those who are motivated by the desire to facilitate PKIs tend
to prefer legislation that ties the legal effect of an electronic
signature to the use of a technology that is specifically approved by the
legislation – typically, digital signature technology, and sometimes
only those digital signatures that are authenticated by licensed CAs.
Note that the supporters of these two different objectives do not necessarily
have to disagree on what types of electronic signatures the law should
recognize. The law can prescribe standards for the operation of PKIs,
and, at the same time, take a broad view of what constitutes a valid
electronic signature for legal purposes – in fact, as discussed below,
some “two-tier” pieces of legislation have taken roughly this
approach. In practice, however, the proponents of PKI legislation
tend to believe that only certain types of electronic signatures are
sufficiently trustworthy to be given legal effect, while those who seek to
remove obstacles to the use of electronic signatures tend to believe that
the law should give effect to virtually any electronic signature, so long
as the technology used to create the signature was appropriate to the
nature and purpose of the communication. Thus, the question of legal
effect has become a point of division for these two different
philosophies.[2]
The tension between these divergent legislative trends can be seen in
legislative chambers and in regulatory agencies throughout the world.
In the United States, the early preference – as reflected in the
legislation adopted by the State of Utah in 1996 – was for heavily
prescriptive, technology-specific laws that enshrined the use of digital
signatures and set standards for the operation of public key
infrastructures. Other states, such as California, took a more
criteria-based approach, but still relied heavily on digital signature
technology. Still other states have taken the “minimalist” or
“enabling” approach, whose general purpose is to give effect to a
broad class of electronic signatures. These different approaches
have raised a concern within the United States that electronic signatures
may not be recognized even among the different states of the United
States.
In the U.S., however, the tension between these different approaches
appears to have been largely resolved by the adoption last summer of the
Uniform Electronic Transactions Act (UETA).[3]
UETA is a victory for the minimalists – it avoids any effort to set
technological standards for the use and recognition of electronic
signatures, and makes no effort to address issues that are specifically
related to the operation of public key infrastructures. Instead,
UETA allows parties to prove the validity of virtually any type of
electronic signature, by demonstrating that it was “executed or adopted
by a person with the intent to sign the electronic record.”
Whether or not an electronic signature can be attributed to a particular
person can be proven “in any manner,” including by reference to the
level of security and authenticity provided by the technology used to
create the signature (e.g., by reference to the security and authenticity
provided by a particular class of digital signature). The effect of
an electronic signature is to be determined from the “context and
surrounding circumstances at the time of its creation,” including any
agreement that the parties to the communication have entered into
concerning the use of electronic signatures.
UETA has already been adopted by the State of California, and numerous
other states are scheduled to consider the model law within the next year.
While Congress has recently been considering the adoption of uniform
federal legislation in the area of electronic signatures, it is now agreed
that any federal law will act merely as an interim measure pending the
adoption of UETA by the individual states, a process that could take four
or five years or more. Thus, UETA has become the baseline in the
United States for any state or federal legislation relating to electronic
signatures and records. Its minimalist approach to enabling the use
of electronic signatures strongly suggests that the United States will
avoid any type of mandated regulatory scheme for signature devices and the
operation of PKIs.
In the meantime, Europe seems to be moving in a different direction.
In Europe, the preference so far has been for prescriptive,
technology-specific statutes and regulations. The German Digital
Signature Law, for example, establishes stringent technical standards for
what types of digital signatures are to be deemed “secure.”
While the law does not directly address the legal effect of digital
signatures, the German government is currently considering legislation
that would link the satisfaction of any statutory requirement for a
signature to the use of an approved digital signature technology.
Italy has already taken that step by granting legal effect only to those
digital signatures that are authenticated by licensed CAs and that fulfill
fairly stringent technical standards. Among the Member States of the
European Union, the United Kingdom is, to date, the only country that has
proposed legislation pertaining to electronic signatures that is more akin
to the “minimalist” approach exemplified by UETA.
The European Union has its own harmonization processes, of course, and has
taken up the topic of electronic signatures in a draft directive that is
currently in the final stages of consideration by the European Parliament
and Council. The draft directive takes what is sometimes referred to
as the “hybrid” or “two-tier” approach to electronic signature
legislation. At the first level, the directive prohibits the EU
Member States from denying legal effect to an electronic signature solely
on the grounds that it is in electronic form or on the grounds that it
does not satisfy the technical standards set forth elsewhere in the
directive for “advanced” electronic signatures (discussed below).
While important in principle, this “non-discrimination” prohibition
may not impose much in the way of a practical restraint on the Member
States if they can find other grounds on which to deny effect to a
signature. It is significant, in this regard, that the draft
directive does not purport to harmonize any “non-contractual formalities
requiring signatures,” which means that the Member States will largely
remain free to prescribe particular standards for the satisfaction of
statutory form requirements under national law.
At the second level, the draft directive affirmatively requires the Member
States to give legal effect to “advanced electronic signatures” that
are based on “qualified certificates” and that are created by
“secure signature creation devices.” Those terms are defined by
reference to a series of technical annexes that, while somewhat vague in
their current form, are likely to give rise to fairly detailed and
stringent standards. The seeming intention of this second level is
to create a European-wide regulatory regime for electronic signatures and
certificate authorities. Even though the directive has not yet been
adopted, let alone implemented by the Member States, this process is
already underway in forums like the European Electronic Signatures
Standardization Initiative (EESSI), which is developing standards for the
fulfillment of the draft directive’s technical annexes.
Elsewhere in the world, countries are similarly divided in their
approaches to electronic signature legislation. Australia and New
Zealand, for example, have adopted strictly minimalist approaches to
enabling the use of electronic signatures, while Malaysia, Singapore, and
South Korea have taken a more prescriptive approach (although
Singapore’s legislation is “two-tier” in that it permits parties to
prove virtually any type of electronic signature while according special
legal presumptions to “secure” electronic signatures).
B. Sources and Implications
It is worth briefly considering some other reasons
why countries are moving down divergent paths with respect to the
recognition and regulation of electronic signatures and CAs. There
are many complex reasons, but among the most important are:
· Countries with civil law traditions tend to have more stringent and
particularized form requirements with respect to signatures and writings,
while countries in the common law tradition tend to focus on the intent of
the signing party and to permit a broad array of proof with respect to
signatures. These different approaches tend to influence attitudes
toward what level of security is required to produce a legally valid
electronic signature. It is probably not a coincidence that the
United States, the United Kingdom, Australia, and New Zealand – all
common law countries – have tended toward the minimalist approach, while
Germany, Italy, and, to some extent, the European Union have tended toward
a more prescriptive approach.
· Some countries are more accustomed to playing a direct role in setting
standards for new technologies, and may believe that they confer a
competitive advantage on their industries by doing so.
· Legislators and policymakers in different countries may have different
assumptions about how authentication technologies will emerge, and how
they are likely to be used. These assumptions may, in turn,
influence their assessment of what kind of legislation is required to
facilitate the use of those technologies. As discussed in more
detail below, those who believe in the model of the “general purpose
certificate” are more likely to be concerned about technical standards
and the operational requirements for CAs, while those who believe that
most uses of authentication technologies will take place for a limited
purpose and according to the terms of a contractual agreement are more
likely to be concerned about ensuring that the law gives effect to those
agreements.
· Lastly, as with any type of law or regulation, the outcome may depend, in
part, on who has the most influence in the decision-making process.
Companies that specialize in authentication technologies tend to promote
legislation that specifically endorses the use of their technology,
preferably to the exclusion of others, while companies that are building
business models that incorporate authentication technologies tend to
promote legislation that gives them maximum flexibility and that ensures
that any agreement that they enter into concerning the use of
authentication technologies will be enforced. To some extent,
telecommunications companies fall into both camps.
The policy divergence that is occurring internationally is probably the
result of a combination of all of these factors, in varying degrees.
Unfortunately, this divergence could have serious repercussions for the
recognition and interoperability of electronic signatures and certificates
across national borders. Among the problems that might arise are:
· Some countries, such as Germany, Italy, and Malaysia, have a de
jure or de facto requirement that any electronic signature that
is to be given legal effect in that jurisdiction must fulfill the
technical standards prescribed by law or regulation. In some cases,
the signature may have to be authenticated by a CA licensed in that
jurisdiction. This requirement will likely give rise to a patchwork
of conflicting technical standards and licensing requirements that will
make it very difficult to use electronic signatures across national
borders. Moreover, these legal requirements can act as barriers to
international trade in authentication products and services. Given
the inherently global nature of electronic commerce, much of the benefit
of authentication technologies may be lost.
· By the same token, a system in which each country prescribes its own
standards will make it very difficult to enter into the kinds of mutual
recognition and cross-certification agreements that some believe are part
of the solution to this problem.
· Contractual agreements concerning the use and recognition of electronic
signatures may not be given effect in different jurisdictions if national
laws do not explicitly recognize such agreements, or if technical or
regulatory standards imposed by law cannot be altered by agreement.
This could seriously impede the development of global authentication
models that are built upon contractual agreements or a series of
contractual agreements. As discussed below, there are many who
believe that contractually-based authentication systems are likely to be
the dominant form of authentication, particularly at the international
level. If these systems are not permitted to operate according to
their own terms across national borders, they may never fulfill their
promise.
II. What Are the Likely Applications of Authentication Technology? Two Different Paradigms
One of the interesting aspects of the current policy debates over
electronic signatures and authentication technologies is that our
understanding of how these technologies will be used in the “real
world” is still evolving. This is not a situation in which law and
policy are reacting to a technology that has already gained widespread
acceptance in the marketplace; rather, legislators and policymakers are
trying to predict, and in some cases influence, the direction in which
these technologies will emerge. As noted above, different
assumptions about the future of these technologies tend to influence the
evaluation of what type of legislation, regulation, or
standards-setting processes are required.
Because so much about the future of authentication is either unknown or
speculative, it is important for any organization considering the adoption
of recommendations or standards in this area to evaluate what the needs
are likely to be and, from a precautionary standpoint, to consider whether
any proposed form of action is premature. In order to facilitate
this process, we have sketched out below two different “paradigms” of
authentication. These paradigms represent heavily simplified and
stylized sets of assumptions about the manner in which authentication
technologies are likely to be used. It is important to note from the
outset that the two paradigms could, in fact, come to co-exist and even
overlap with each other, and are likely to do so to some degree.
However, the purpose of evaluating these paradigms is less to determine
what the world will “actually” look like down the road, and more to
serve as a kind of heuristic device for making decisions about the current
need for action by the ITU and other organizations.
A. Paradigm 1 – Universal Authentication
The core assumption of the first paradigm,
which we will call “Universal Authentication,” is that the principal
use of authentication technologies will be to authenticate identities and
attributes among persons who have no pre-existing relationship with each
other, and whose common use of the technology is not the subject of a
contractual agreement or a series of contractual agreements. In this
paradigm, the main purpose of authentication technologies is to confirm
the identity or other attributes of a certificate holder to a potentially
unlimited number of persons and for a potentially unlimited number of
purposes.
A closely related assumption underlying the Universal Authentication
paradigm is that persons are likely to hold only one certificate, or
perhaps a limited number of certificates, that they use for multiple
purposes. Typically, people who are oriented toward the Universal
Authentication paradigm believe that general purpose identity
certificates will lay the foundation for most applications of the
technology; these certificates can be used, for example, to enter into
contracts, sign electronic messages, and engage in communications with the
government – sometimes based on identity alone and sometimes in
conjunction with another authenticated attribute. The important
point, though, is that beyond whatever general limitations are set forth
in the applicable certificate policy, there is no restriction on the
potential uses of the certificate and no limitation on the classes of
persons who might rely on the certificate for some purpose.
In the Universal Authentication paradigm, the extent to which, and the
circumstances under which, a person may rely on a certificate for a
particular purpose are defined almost exclusively by the relevant
certificate policy.[4]
That policy, addressed by the certificate authority to the universe of
potentially relying parties, usually defines, inter alia, the
procedures by which the certificate was issued, the procedures that exist
for its revocation, the technical specifications of any signature device
and, perhaps most importantly, any limitations on the type or value of
transaction for which the certificate may be used. The recipient’s
decision to rely upon the certificate is determined by an evaluation of
the suitability of that policy for the intended purpose. It is also
determined by an assessment of the reliability of the CA that issued the
policy and authenticated the certificate, which assessment may be
influenced, in part, by any law or regulation governing certificate
authorities to which the authenticating CA is subject.
As is evident from the foregoing, the core element of trust arises
principally from two sources in the Universal Authentication paradigm: (1)
the practices and procedures followed by the CA in issuing a certificate,
as well as the terms and conditions set forth in the applicable
certificate policy; and (2) any law or regulation that sets standards for
the operation of public key infrastructures and that defines general
conditions for the use and acceptance of certificates. In these
respects, the operation of public key infrastructures can be seen as a
matter of general public concern, and therefore a suitable area of public
regulation.
B. Paradigm 2 – Bounded Authentication
The core assumption of the second paradigm, which we
call “Bounded Authentication,” is that the principal use of
authentication technologies will be to authenticate identities and
attributes among persons whose common use of the technology is the subject
of a contractual agreement or a series of contractual agreements. In
this paradigm, the main purpose of authentication technologies is to
confirm the identity or other attributes of a certificate holder for a set
of specifically defined purposes, and within a defined community of
potentially relying parties who are subject to common terms and conditions
for the use of the technology.
The Bounded Authentication paradigm envisions a world in which most uses
of authentication technology will be particular to a specific application
or business process. Alternatively, the authentication technology
may be used for a potentially unlimited number of purposes, but solely
within the context of a particular industry or community of users who have
some commonality of interest. Either way, the critical feature of
this paradigm is that most uses of certificates will be bounded in
some fashion, and that the use of the certificate within those boundaries
will be defined by an agreement or series of agreements. Although it
amounts to saying the same thing, a critical point of distinction from the
Universal Authentication paradigm is that, in the Bounded Authentication
paradigm, there are no potentially relying parties who are not in
privity with the sending party through one or more agreements concerning
the use of the technology. In this paradigm, there are no
“strangers” to an authenticated communication.
Although not a necessary element of the Bounded Authentication paradigm,
people who are oriented toward this paradigm tend to believe that
limited-purpose attribute certificates will be much more common
than general-purpose identity certificates.[5]
Most certificates will authenticate some attribute that is relevant to a
specific application or business process (e.g., the authority to enter
into a contract on behalf of a company, the right to access protected
content, or the fact that the certificate holder bears a particular kind
of license or credential). A related assumption of this paradigm is
that most certificates will be issued to a certificate holder by some
business or organization with which the certificate holder has a
pre-existing relationship – most commonly, the certificate holder’s
employer, but it could also be, for example, the certificate holder’s
bank or a company with which the certificate holder does business.
In the Bounded Authentication paradigm, the extent to which, and the
circumstances under which, a person may rely on a certificate for a
particular purpose are defined almost exclusively by a relevant agreement
or series of agreements among the parties that use the technology.
That agreement, which could take the form of a direct contract between the
parties or a “system” agreement to which all parties subscribe, will
likely define, inter alia, the process by which certificates are
issued and revoked, the types of transactions for which they may be used
and under what conditions, the legal effect of any electronic signatures
that are created pursuant to the agreement, and the allocation of
liability among the parties for such risks as the compromise of a private
key or the use of the certificate for an unauthorized purpose.
As in the Universal Authentication paradigm, the core element of trust
in the Bounded Authentication paradigm arises principally from two
sources, although these sources are rather different. In this case,
they are: (1) the terms and conditions of any agreement or agreements that
govern the use of certificates within the bounded space; and (2) the
enforceability of any such agreement or agreements in jurisdictions where
the agreement may need to be enforced. In these respects, the
operation of a public key infrastructure for some purpose is essentially a
private concern, although its utility could be affected by external
laws and regulations that cast doubt on, or fail to give effect to, the
terms and conditions of the relevant agreement or agreements.[6]
C. Policy Implications
As noted at the outset, the two paradigms described
above are not meant to be exclusive of each other, and have only limited
value in predicting how the use of authentication technologies will
evolve. They are intended, instead, to provide a framework for
evaluating and prioritizing any policy or standards-setting
activities that an organization like the ITU might undertake. To
begin this process, we have set forth below a comparison of the key policy
considerations and needs with respect to each paradigm.
Comparison of policy considerations: Universal Authentication versus Bounded Authentication

1. Harmonization of certificate policies and practices

· Universal Authentication: There is a relatively strong need for
harmonization of certificate policies and practices, so that persons can
rely upon a certificate for virtually any purpose without having to
examine the details of each policy. Uniformity of certificate policies
and practices will also facilitate cross-certification and other forms of
cross-border recognition.

· Bounded Authentication: Harmonization of certificate policies and
practices is relatively less important, as certificates will only be used
within a contractually bounded space. Users are presumed to be familiar
with the terms and conditions of any relevant agreement(s). To the extent
it is necessary, harmonization of certificate practices and policies is
more likely to occur within specific industry groupings or within a
community of certificate users who use certificates for the same or
similar purposes.

2. Message formats, extensions, and technical interoperability

· Universal Authentication: There is a relatively strong need for
harmonization of message formats, extensions, and methods of expressing
attributes and limitations on use. Technical interoperability is critical.

· Bounded Authentication: While users of authentication technologies will
still benefit from harmonized message formats and extensions, at least
insofar as they make it easier to implement a particular authentication
model, certificate messages and extensions can be tailored for the
intended uses of a certificate. Technical interoperability with other
authentication systems is valuable, but not critical.

3. Cross-certification

· Universal Authentication: Cross-certification is likely to be an
important and widespread means of ensuring interoperability of
certificates. As noted above, cross-certification will be facilitated by
harmonized practices and policies. Cross-certification agreements are
likely to be negotiated among “peak” national CAs or directly by
governments.

· Bounded Authentication: Cross-certification is considerably less
important, although one authentication system may agree to recognize
certificates issued by another authentication system where the purposes
for which the certificates are used and the manner in which they are
administered generally coincide. Cross-certification is almost entirely a
private matter.

4. Security standards for signature creation devices and CAs

· Universal Authentication: There is a relatively strong need for uniform
security standards for signature creation devices, as well as operational
standards for CAs, so that relying parties can have confidence in the
signature or certificate without having to examine these parameters in
each instance. Moreover, as each certificate can be used for a wide array
of transactions, some of which may be valuable or otherwise significant,
it is appropriate to set high security standards.

· Bounded Authentication: The security standards for signature creation
devices and the operational standards of CAs will depend almost entirely
on the intended application. High-value applications will require more
stringent standards, while less stringent standards will suffice for many
low-value applications. The imposition of stringent technical
requirements on all authentication applications is inappropriate and may
deter many potential applications.

5. Laws and regulations setting technical and operational requirements

· Universal Authentication: Laws and regulations setting technical and
operational requirements for electronic signatures and PKIs may inspire
confidence in users, but there is also a strong case to be made that
market forces should determine these standards.

· Bounded Authentication: Laws and regulations setting technical and
operational requirements for electronic signatures and PKIs are
unnecessary, and may actually impede contractual agreements to the extent
that they are construed to apply to such agreements.

6. Liability and third-party reliance

· Universal Authentication: In many countries, it may be important for
national law to establish that CAs are allowed to limit their liability
to relying third parties, provided that the CAs adhere to certain
conditions. Third-party reliance is a significant problem.

· Bounded Authentication: The users of an authentication system can
allocate their respective liabilities by contract, although it is
important that the law give effect to those agreements. There may still
be a need to develop reliable technical or legal methods to prevent
reliance by non-parties or reliance for purposes other than those
contemplated by the relevant agreement(s).

7. Global interoperability

· Universal Authentication: Global interoperability is largely a function
of harmonized practices and policies, which in turn facilitate webs of
cross-certification. International agreements or understandings may
facilitate this process.

· Bounded Authentication: Global interoperability is largely a function of
ensuring that national laws recognize and give effect to agreements
concerning the use of electronic signatures and certificates.
As is evident from the foregoing, the needs of the
two paradigms are quite different, and sometimes conflict with each
other. Our objective in identifying these differences is not to
suggest that the ITU and other organizations with responsibility in this
area must make a decision among conflicting alternatives, but rather to
suggest that: (1) depending upon a sense of which paradigm is likely to be
the dominant paradigm, there are likely to be different priorities for
action; and (2) whatever actions the ITU and other organizations choose to
take in this area, they should be neutral with respect to each paradigm
i.e., they should not take actions that impede the emergence of different
authentication models.
III. Issues for Discussion
The primary objective of this two-day Meeting
is to evaluate the legal and technical obstacles to the use of
authentication technologies in cross-border applications, and to consider
the role that the ITU and other organizations can play in overcoming these
obstacles. The implications for the telecommunications community
should also be a focal point for the discussions. Toward that end,
we have attached to this Paper a suggested outline of basic issues that
should be discussed in evaluating potential solutions. While the
basic structure of the outline is intended to serve as an agenda for
discussion, the issues raised under each heading are meant to be
illustrative, not exclusive.
Without prejudice to the course that the discussion might take, and the
conclusions that might be reached, we have attempted below to draw
together some of the basic themes of this Paper as they relate to the
issues for discussion. While not covering all of the specific issues
set forth in the outline, we hope to catalyze the discussion with a few
observations on basic issues.
A. An International Agreement on “Signatures” and “Identity”?
One of the conclusions that one can take away from
the review of basic issues in Parts I & II of this Paper is that the
question of identity is at the heart of many of the policy debates
in this area. On the one hand, there is a strong sentiment in some
countries and in some industry sectors that there is a need for a highly
reliable and secure form of certificate that is bound to the certificate
holder’s physical identity. Many believe that this is the only
basis upon which to achieve a degree of non-repudiation that should be
legally recognized as equivalent to a “signature.” On the other
hand, there are many who believe that the need for certainty with respect
to a signer’s identity is a sliding scale, and should be evaluated on a
case-by-case basis in light of the nature and purpose of the transaction
and in accordance with traditional methods of evidentiary proof.
Overlying this issue is whether, and under what circumstances, the parties
to a transaction should be allowed to agree on what constitutes a valid
signature, at least as between the parties to the transaction.
If this circle is not squared, we are likely to see the emergence of
fundamentally discordant standards as to what constitutes a
“signature” in different jurisdictions. The result would be a
lack of legal certainty in cross-border transactions that depend upon the
validity of electronic signatures. Ironically, the outcome could be
significantly worse than the status quo with respect to the
recognition of traditional signatures in international commerce, if
countries were to impose technical standards and licensing requirements
for electronic signatures that have no counterpart in the world of
traditional signatures.
What, then, are the options for trying to avoid this outcome? While
this issue has been much debated, we perceive the following as among the
most likely solutions:
· Reach an international agreement on a definition of “electronic signature” that incorporates “a scalable set of signature requirements based on the security needs of the particular application.” As our colleagues Christopher Kuner and Anja Miedbrodt observe, the 1996 UNCITRAL Model Law on Electronic Commerce already moves down this path by stating that an electronic signature must be “as reliable as was appropriate for the purpose for which the data message was generated or communicated, in the light of all the circumstances, including any relevant agreement.” Some countries – particularly those in the civil law tradition – may not, however, be willing to accept so open-ended a standard, at least for the purpose of fulfilling non-contractual form requirements. This may be one reason why a convention proposed by the United States government, and based roughly on the Model Law, has not yet advanced.
· Either by international agreement, by a Memorandum of Understanding or through other international guidelines, or through the natural course of events, countries can adopt “two-tier” legislative models that allow parties to prove a broad class of electronic signatures, while conferring heightened legal status on certain types of “secure” electronic signatures. This is generally the approach taken by the current draft of the UNCITRAL Uniform Rules on Electronic Signatures. This approach will only ameliorate the problem, however, if countries do not require the use of “secure” electronic signatures for various form requirements that affect international commercial transactions. In other words, to the extent that the use of “secure” electronic signatures is mandatory, as opposed to merely conferring a presumption, these requirements should be limited to areas of the law that do not have a significant impact on commercial transactions (e.g., trusts, family law, real property transactions, etc.). Moreover, two-tier laws should explicitly give effect to contractual agreements concerning the use and recognition of electronic signatures, so as to ensure that global contract-based authentication models do not run afoul of national legal requirements.
· In a somewhat different vein, the creation of a global web of cross-certified CAs could lessen the need for international agreements on the recognition of electronic signatures, provided that the CAs within the system followed practices that generally fulfilled the requirements of major commercial jurisdictions. This system of cross-certification could either be hierarchical, with a single entity establishing uniform practices for all CAs to follow, or could take the form of a more distributed network of CAs following generally comparable practices.
B. Accommodating Bounded Authentication
A pervasive theme of this Paper has been that many
of the most extensive and far-flung implementations of authentication
technologies will take place within a contractually-bounded space.
These communities of users could be very small – as few as two – or
could potentially involve millions of people around the world, as is the
case with Bolero and Identrus. As is the case with international
commerce generally, the power to contract is probably the most effective
means of overcoming national legal differences, but only if the terms of
those contracts are enforced – a problem that global traders have faced
for centuries.
The means by which national laws should give effect to contractual
agreements concerning the use and recognition of electronic signatures can
be reduced to several key principles, some of which have already been
mentioned:
· To the extent that countries adopt laws or regulations that give effect to electronic signatures, those laws or regulations should explicitly recognize that parties may agree by contract what constitutes an electronic signature, and what its legal effect will be, at least as among those parties. Exceptions to this basic principle should be limited and should not arise in areas that would affect the great bulk of international commercial transactions.
· By the same token, those countries that prescribe technology standards for electronic signature devices should allow parties to vary those requirements by agreement – again, at least in those areas that are likely to affect international commercial transactions. (A government might, for example, prescribe certain standards for the use of electronic signatures in communications with the government.)
· Similarly, any licensing requirements for CAs or other providers of trusted services should not extend to entities that provide those services within the context of a contractually-bounded authentication model.
C. Facilitating Universal Authentication
As suggested by the table in Part II describing the
principal needs of the two different paradigms of authentication,
achieving global interoperability under the Universal Authentication
paradigm is largely a question of developing harmonized practices and
technical standards. Harmonized practices and standards would permit
other countries, certificate authorities, and relying parties to have
greater confidence in certificates that originate in a foreign
jurisdiction, and would also facilitate technical interoperability.
Shared understandings at the international level may facilitate this
process.
In the context of this discussion, there are two issues that merit
particular attention: (1) what harmonized practices and standards are most
likely to facilitate cross-border usage and recognition; and (2) what
institution or institutions should undertake to develop those practices
and standards and by what means?
With regard to the first question, some of the possible candidates for
harmonization include:
· On the basic question of identity, it could be useful to have a harmonized set of certificate practices for the issuance of highly-reliable identity certificates. The IETF has, in fact, already begun work on the format of such a certificate, although the IETF draft does not address the certificate practices underlying these certificates. The existence of these standards could facilitate cross-border recognition of electronic signatures in applications where non-repudiation is critical.
· In a similar vein, harmonized message formats could make it easier to identify and evaluate critical elements of any relevant CPS or certificate policy, even on an automated basis. For example, a standardized methodology for expressing the manner in which a certificate was issued to an individual (e.g., “two forms of government-issued identification presented in person to the CA”) could allow relying parties to evaluate the reliability of the certificate without having to examine the entire CPS. Likewise, a standardized methodology for expressing limitations on use of the certificate (e.g., by reference to the value or nature of the transaction) could facilitate certificate evaluation.
· Lastly, a model cross-certification agreement could prevent the need to negotiate potentially thousands of such agreements, and could facilitate “transitive” cross-certification (i.e., CA 1 recognizes CA 2; CA 2 recognizes CA 3; therefore, CA 1 recognizes CA 3). Even more expansively, the creation of a global network of CAs following the same or comparable practices could, as described above, facilitate cross-border recognition and interoperability.
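The two preceding points (automated evaluation of standardized policy and usage-limit statements, and transitive cross-certification from CA 1 through CA 2 to CA 3) can be put together in a small model. The Python below is an added example, not part of this Paper and a simplification rather than full X.509 path validation: each certificate carries a constructed policy identifier and optional usage limit in place of a CPS, a relying party anchored at CA 1 builds and checks a chain automatically, and a path length constraint on a cross-certificate shows how a CA can bound the transitivity. All CA names, policy identifiers and limits are constructed.

```python
"""Toy model of transitive cross-certification (CA 1 -> CA 2 -> CA 3) in which a
relying party evaluates policy identifiers and usage limits carried in the
certificates.  Added example: CA names, policy identifiers and limits are constructed."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    policies: frozenset              # constructed policy identifiers (stand-ins for OIDs)
    max_value: Optional[int] = None  # usage limitation: highest transaction value covered
    path_len: Optional[int] = None   # CA certs only: further CA certificates allowed below

def build_path(certs, anchor, end_entity):
    """Depth-first search along issuer links from the trust anchor to the end
    entity; returns [cert issued by anchor, ..., end-entity cert] or None."""
    issued_by = {}
    for c in certs:
        issued_by.setdefault(c.issuer, []).append(c)

    def dfs(issuer, path, seen):
        for c in issued_by.get(issuer, []):
            if c.subject in seen:        # guard against cross-certification loops
                continue
            nxt = path + [c]
            if c.subject == end_entity:
                return nxt
            found = dfs(c.subject, nxt, seen | {c.subject})
            if found:
                return found
        return None

    return dfs(anchor, [], {anchor})

def validate(path, required_policy, tx_value):
    """Automated evaluation without reading any CPS: every certificate must assert
    the required policy, no path length constraint may be exceeded, and the
    transaction must fit the tightest value limit found along the chain."""
    remaining = None   # CA certificates still permitted below the current one
    limit = None       # tightest max_value seen so far
    for idx, c in enumerate(path):
        is_ca = idx < len(path) - 1
        if required_policy not in c.policies:
            return False, f"{c.subject}: not issued under {required_policy}"
        if c.max_value is not None:
            limit = c.max_value if limit is None else min(limit, c.max_value)
        if is_ca:
            if remaining is not None:
                if remaining == 0:
                    return False, f"{c.subject}: path length constraint exceeded"
                remaining -= 1
            if c.path_len is not None and (remaining is None or c.path_len < remaining):
                remaining = c.path_len
    if limit is not None and tx_value > limit:
        return False, f"value {tx_value} exceeds certificate limit {limit}"
    return True, "accepted"

# Constructed web of trust; the relying party's anchor is CA1.
CERTS = [
    Cert("CA2", "CA1", frozenset({"policy:identity-high"}), path_len=1),  # CA1 recognizes CA2
    Cert("CA3", "CA2", frozenset({"policy:identity-high"})),              # CA2 recognizes CA3
    Cert("alice", "CA3", frozenset({"policy:identity-high"}), max_value=10_000),
    Cert("bob", "CA3", frozenset({"policy:identity-basic"})),             # wrong policy
    Cert("CA4", "CA1", frozenset({"policy:identity-high"}), path_len=0),  # CA1 stops transitivity
    Cert("CA5", "CA4", frozenset({"policy:identity-high"})),
    Cert("carol", "CA5", frozenset({"policy:identity-high"})),
]
```

With this data, alice's certificate is accepted for a 5,000 transaction but refused for 50,000, bob's fails on policy, and carol's fails because CA1's cross-certificate to CA4 allows no further CA below it.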
With respect to the technical issues, it is worth
noting that there is already a large amount of standards-setting activity
underway. Joint Technical Committee 1/27 of the ITU and the
ISO, which was originally responsible for the development of X.509,
continues to develop standards relating to specific aspects of public key
cryptography.[8]
Befitting the position that it holds in relation to the X.509 standard,
much of the work of JTC 1/27 is of general applicability to all X.509
implementations. As an example, several updated and new ITU-T
Recommendations planned for release include:
· A new version of X.509 (V6);
· X.ttp1: Guidelines on the Use and Management of Trusted Third Party Services (includes discussion of mutual recognition of services by different TTPs);
· X.ttp2: Specification of TTP Services to Support the Application of Digital Signatures; and,
· X.sio: Security Information Objects.
Other organizations, such as the Internet Engineering
Task Force, have also undertaken standards-setting projects relating to
the use of X.509 in specific applications, including Internet-related
applications.[9]
Among the standards-track documents and drafts that the IETF is currently
considering are:
· A new certificate format and certificate revocation list profile for Internet PKI applications;
· The format and contents of a “qualified certificate” for use in applications where non-repudiation is critical;
· Several operational standards for the Lightweight Directory Access Protocol (LDAP);
· A standard-form outline of certificate practice statements and certificate policies;
· A profile for the use of X.509 attribute certificates, which will typically be linked to one or more identity-based certificates; and
· Specifications for the operation of time-stamping services.
The World Wide Web Consortium (W3C) is also working
on syntax and encoding rules for digital signatures using the Extensible
Markup Language (XML).[15]
The amount of activity already underway in this area naturally raises the
question of how the different standards organizations that are active in
this area should co-ordinate their respective activities.
D. The Role of Telecommunications Companies
Telecommunications companies have not, to date,
played an extensive role in the emerging “authentication industry,”
although in some respects they are well-positioned to do so. To
begin with, telecommunications companies tend to have relationships with
very large portions of a country’s business and residential communities,
and are often viewed as trusted organizations. As such, they are
well-positioned to act as a “network of trust” among companies and
individuals that do not necessarily have a pre-existing relationship with
each other. Compared to many other kinds of companies, they are also
relatively well-positioned to verify identities and certain types of
attributes that may be authenticated by a certificate.
At the international level, telecommunications companies are already
accustomed to laying the technical and legal foundations for globally
interoperable networks, and thus may have some advantage when it comes to
putting in place multinational public key infrastructures. Moreover,
telecommunications companies are both ubiquitous and relatively few
in number within each country, which may make it easier to develop
well-ordered, interoperable public key infrastructures.
Among the issues that are likely to concern telecommunications companies
as they contemplate providing different kinds of authentication services
is the core issue of liability.
Unlike traditional telecommunications services, where the
telecommunications company is essentially providing a conduit for the
transmission of voice or data, authentication services would require the
telecommunications company to make some positive assertion about the
identity or attributes of one or more parties to a communication.
Although national law may permit the telecommunications company to limit
its liability for these assertions either by contract or through devices
such as CPSs, the provision of authentication services nonetheless exposes
the telecommunications company to new forms of risk – a factor that may
be of concern to corporate executives and regulators alike. The
clear authority to limit liability is therefore an important legal
objective for telecommunications companies entering the authentication
business, as it is for any other company in this area.
OUTLINE OF ISSUES FOR DISCUSSION
I. Building a Global Framework
  A. What are the possible objectives of any international agreement or guidelines?
    1. Ensure that electronic signatures are given legal effect comparable to hand-written signatures, at least in those areas of the law that affect commercial transactions.
    2. Establish reasonably uniform standards for the provision of certificate authority services, at least for “universal” applications.
    3. Establish basic principles by which countries agree to enforce contractual agreements concerning the use and recognition of electronic signatures.
  B. What are the potential elements of any international agreement or guidelines?
    1. Signature-Related Issues
      a. A definition of “electronic signature.”
        (i) Intent-based definitions (cf. UETA).
        (ii) Criteria-based definitions (cf. UNCITRAL Model Law Article 7).
        (iii) Technology-based definitions (cf. national digital signature laws).
        (iv) A “sliding scale” of definitions for different applications.
      b. Basic principles concerning the legal effect of electronic signatures.
        (i) Non-discrimination (e.g., parties allowed to prove in same manner as hand-written signatures).
        (ii) Affirmative legal effect.
        (iii) “Presumptions” for certain types of electronic signatures.
          (a) What presumptions?
          (b) What types of signatures?
      c. A statement of the types of laws to which the signature provisions apply.
        (i) How to define the scope of exemptions so that the agreement remains meaningful, and yet allows countries to exempt areas in which electronic signatures are not appropriate?
        (ii) Consumer protection issues.
    2. CA-Related Issues
      a. PKI elements
        (i) Issuance procedures.
        (ii) Revocation procedures.
        (iii) The rights and duties of certificate holders and relying parties.
        (iv) The liability of CAs.
        (v) Security standards for root keys, audit procedures, etc.
      b. Licensing issues
        (i) Should licensing ever be mandatory for legal effect, or should this practice be prohibited by agreement?
        (ii) How to accommodate the interaction between regulated and unregulated CAs.
    3. Contract Issues: How to draft a party autonomy clause so as to ensure legal effect for most commercial applications of authentication technologies?
  C. What are the Appropriate Instruments and Forums for Developing a Global Framework? What Can Each Forum Contribute?
    1. ITU
    2. UNCITRAL
    3. OECD
    4. Multilateral negotiations
II. Accommodating Bounded Authentication
  A. Other than the basic issue of enforcing contractual agreements concerning the use and recognition of electronic signatures, what are the other obstacles that these systems face in cross-border usage?
    1. Licensing requirements.
    2. Mandatory technical standards.
    3. Foreign origin of entity that authenticates signature.
  B. If properly structured, could large-scale contractually-based authentication models obviate the need to create an international technical and legal framework for PKIs?
III. Facilitating Universal Authentication
  A. Standards and Harmonization
    1. Policies and Practices
      a. Is there a need for harmonized certificate practice statements and/or certificate policies for different types of applications, e.g., non-repudiation?
      b. Could any such harmonized CPSs and certificate policies be drafted at a level of detail that made them both useful and globally applicable?
      c. Could harmonized CPSs and/or certificate policies facilitate cross-border recognition of electronic signatures, even in the absence of an international agreement or an applicable cross-certification agreement?
    2. Technical Standards
      a. Standardized certificate profiles
        (i) Identity certificates / “qualified” certificates.
        (ii) Attribute certificates.
      b. Standardized message formats
        (i) Limitations on usage.
        (ii) Limitation of CA liability.
        (iii) Underlying elements of relevant CPs, including nature of certificate issuance and revocation procedures.
        (iv) Technical specifications of signature creation device.
      c. Standardized extension usage.
      d. Standards for CA operational procedures and requirements.
        (i) Security procedures and standards.
        (ii) Audit procedures.
        (iii) Financial standards.
  B. Cross-Certification
    1. Is there a need for a model cross-certification agreement?
    2. How to avoid the need for potentially thousands of bilateral cross-certification agreements?
    3. To what extent is cross-certification a solution to the problem of cross-border recognition of electronic signatures?
    4. What role can be played by “global” root authorities?
  C. Institutions
    1. ISO/ITU/IEC.
    2. IETF.
    3. Industry-Specific Organizations.
IV. The Role of Telecommunications Companies
  A. What are the natural competencies of telcos in the authentication area?
  B. What role, if any, can telcos play in facilitating cross-border usage of authentication technologies?