Cryptography Reference
In-Depth Information
“Member States shall ensure that an electronic signature is not denied
legal effectiveness and admissibility as evidence in legal proceedings solely
on the grounds that it is . . . in electronic form.”
45
On the other hand,
member states were required to amend their national laws so that cry-
ptographic signatures “satisfy the legal requirements of a signature in
relation to data in electronic form in the same manner as a handwritten
signature satisfies those requirements in relation to paper-based data; and
are admissible as evidence in legal proceedings.”
46
In contrast with generic
electronic signatures then, the directive mandated that member states go
beyond mere admissibility and grant cryptographic signatures equal stand-
ing to handwritten ones.
Like the presumptions of the ABA's Guidelines, this evidentiary advan-
tage was meant to motivate the development of a European industry of
cryptographic signature services, including certification, hardware and
software devices, time-stamping, and so on. So as to guarantee the trust-
worthiness of such services, the directive required member states to trans-
pose four annexes specifying minimal requirements that such services and
devices would be expected to meet. For example, given that non-repudia-
tion is based on users' ability to control their cryptographic keys, require-
ment III.1.c stated that “secure signature-creation devices must, by
appropriate technical and procedural means, ensure at the least that the
signature-creation-data [i.e., keys] used for signature generation can be
reliably protected by the legitimate signatory against the use of others.”
Remarkably, the directive issued only nonbinding recommendations for
“secure signature-verification devices.” That is, although manufacturers of
signature creation devices had to meet specific quality requirements, for
signature verification—the second and essential part of the signature pro-
cess—manufacturers were literally left to their own devices.
Cryptographic signatures were thus given a head start in the form of a
well-defined legal status (fulfilling the same requirements as handwritten
signatures); any other technology falling under the generic category would
be admissible, but with unspecified legal effects. Beyond these baseline
requirements however, member states were still free to define the evidential
value of these signatures in any manner they preferred. Indeed, the Com-
mission was careful to include a disclaimer that the directive “does not
affect national rules regarding the unfettered judicial consideration of
evidence.”
47
