Annette Hillebrand, Franz Büllingen
Durch Sicherungsinfrastruktur zur Vertrauenskultur: Kritische Erfolgsfaktoren und regulatorische Aspekte der digitalen Signatur
Nr. 188 / Oktober 1998
Summary
Open data networks like the internet are widely used for communications and economic transactions. At the same time, requirements for sender authentification and integrity increase. Apart from technical protection against manipulation the need for an electronic equivalent of handwritten signatures arises. The transfer of this universal cultural medium with its specific legal and social functions from the "paper world" to the "virtual world" marks an important step in establishing new online-applications.
In Germany, the Digital Signature Act has been set up in autumn 1997. This regulatory framework for a security infrastructure aims at maximum security, although it demands a high use of resources. The framework is competition oriented and open for alternative technological solutions. Probably, the recommended technical solution will be used primarly for acts of sovereignty and security-sensitive commercial applications.
Recent pilot studies show that a demand for digital signatures arises mainly from communication processes between administrative authorities. In the field of e-commerce however, this technology competes with electronic payment systems. Therefore it remains to be seen whether existing applications become completed or replaced. Surveys on the use of digital signatures indicate the future demand rather to be located in business-to-business communications than in business-to-customer relationships. With common use of digital signatures a higher security level can also be reached in user-to-user communications, e.g. for better copyright protection.
Digital signatures are not only a new technology. They have to be implemented in a time consuming diffusion process before they become an integrated part of day-to-day routines. The speed of this cultural development mainly depends on how the market participants are able to influence technological interoperability, the reach of a critical mass, legal acceptance as well as the development of action patterns and confidence in the signatures’ security. In addition, there is need for early international harmonization and standardization.
It is expected that digital signatures will be accepted mainly in restricted application fields because suppliers and commercial users have different risk perceptions and will weigh up costs against improved IT-security. Therefore, alternative methods will gain high market shares although they might offer lower security levels.
A major success factor of the German digital signature is cross-border acceptance. At present, the European Commission suggests a market-oriented approach that allows numerous technical methods to replace the handwritten signature. A far-reaching liability regulation is advised in order to reach high quality standards. However, this regulation is not compatible with German liability law.
The dilemma between high security requirements of the German Digital Signature Act and other solutions becomes obvious as international harmonization processes on EU or WTO level proceed. Basically, with regard to openess to technological innovations and market orientation there are two regulatory options. Firstly, the international model character of the digital signature should be made transparent by longer-term evaluation to reduce market and application barriers. Secondly, negotiations should work towards a standardization of different security levels to allow individual cost and risks estimations. Lack of transparency and resulting manipulation incidents can slow down the overall process of diffusion of digital signatures. It seems that in this context the users’ awareness of different security levels’ implications becomes a central challenge for consumer protection measures.
Only German language version available.