Communication from the Commission to the European Parliament, the Council, the
Economic and Social Committee and the Committee of the Regions ensuring security
and trust in electronic communication / COM (97) 503

Towards A European Framework for Digital Signatures And
Encryption

I. Introduction: The need for secure electronic communications

II. Authentication and Integrity: Digital Signatures

1. Digital signature: what it is and how it works

2. Certification authorities

2.1. Certification
2.2. Possible contents of a certificate
2.3. Key management
2.4. Mutual recognition
2.5. Privacy

3. Legal Problems

3.1. Elaborating Community requirements
3.2. Liability
3.3. Legal recognition of digital signatures

4. Regulatory considerations

III. Confidential electronic communication: Encryption


1. The economic and societal importance of encryption

2. Regulation of encryption: Potential impact on the Internal
Market

2.1. Export control measures
2.2. Domestic control measures
2.3. Lawful access to encryption keys
2.4. Privacy

3. Assessment

IV. Policy actions at Community level


1. Community framework for digital signatures

1.1. The need for European Union action
1.2. Scope of a Community framework

2. Policy orientations in the area of encryption

3. Accompanying measures

4. Timeframe for Community action

V. Annexes

Towards A European Framework for Digital Signatures And
Encryption

I. Introduction

The need for secure electronic communication

Open networks such as the Internet are increasingly being used as a
platform for communication in our society. Open and accessible, they allow
rapid and efficient world-wide exchanges at low cost. This will lead to new
forms of business configuration (e.g. "virtual" enterprises, work collaboration
across the globe), of private communication (e.g. e-mail) and of
organisation of public services (e.g. electronic tax declaration).

Open networks also have the capacity to offer substantial opportunities for
global electronic commerce in goods and services which can be ordered,
supplied and paid for electronically. Already today, software packages,
information, music, and videos are being delivered over the Internet. It is
now largely expected that electronic commerce will be one of the key
drivers for the development of the global information society
[Communication of the Commission "A European Initiative in Electronic
Commerce" (COM(97)157 final, 16.4.97)].

Overall, the increasing use of open networks offers the possibility to create
new businesses, new channels of distribution and new methods of reaching
the customer. It also opens up opportunities to re-engineer business
conduct itself.

However, the realisation of such developments is hampered by the
well-known insecurities typical of open networks: messages can be intercepted
and manipulated, the validity of documents can be denied, personal data
can be illicitly collected. Fraud is already increasing in several forms.
Therefore, today, important electronic documents are usually only
exchanged in so-called "closed networks", that is, involving users between
whom contractual relationships and mutual trust already exist. This model
cannot be transferred to open networks because of the absence of such
relationships between users. As a result, the attractiveness and advantage
of electronic commerce and communication cannot be fully exploited.

In order to make good use of the commercial opportunities offered by
electronic communication via open networks, a secure and trustworthy
environment is therefore necessary. Cryptographic technologies are
nowadays widely recognised as the essential tool for security and trust in
electronic communication. Two important applications of cryptography are
digital signatures and encryption. Digital signatures can help to prove the
origin of data (authentication) and verify whether data has been altered
(integrity). Encryption can help keeping data and communication
confidential.

Several Member States announced their intentions to introduce specific
regulation on cryptography and some have already done so. For example,
Germany and Italy already moved ahead with digital signature laws. In other
Member States internal discussions are taking place, and some tend to
refrain, at least for the moment, from any specific regulation at all.

Divergent legal and technical approaches would constitute a serious
obstacle to the Internal Market and would hinder the development of new
economic activities linked to electronic commerce. An EU policy framework
for ensuring security and trust in electronic communication and
safeguarding the functioning of the Internal Market is therefore urgently
needed. The European Union simply cannot afford a divided regulatory
landscape in a field so vital for the economy and society.

As cryptographic services and products are more and more demanded,
concerns are expressed that abuse of cryptography by criminals or
terrorists would make it increasingly difficult to combat crime. Such
concerns apply only to confidentiality services. Digital signatures do not
pose any risk for law enforcement, since they do not prevent data from
being read. Digital signatures could even bring significant law enforcement
benefits as they allow for example messages to be attributed to a particular
reader and/or sender. As, in addition, they need a specific regulatory
framework to take into account their legal implications, the present
Communication distinguishes between authentication and integrity services
- digital signatures (part II) and confidentiality services - encryption (part III)
[This distinction is also stated clearly in the OECD Guidelines for
Cryptography Policy, 27.3.97].

In September 1996, the European Parliament invited the Commission to
prepare legal EU provisions concerning information security and
confidentiality, digital identification as well as the protection of privacy
[European Parliament Resolution A4-244/96, 19.9.96, OJ320, p.164,
28.10.96]. In November 1996 the Council of Ministers requested the
Member States and the Commission to prepare consistent measures to
ensure the integrity and authentication of electronically transmitted
documents [Council Resolution Nr. 96/C 376/01, 21.11.96 on new
policy-priorities regarding the information society, OJ C376, 12.12.96]. In
March 1997 the OECD adopted Guidelines for cryptography policy, setting
out principles to guide countries in formulating their own policies related to
the use of cryptography. These Guidelines - although non-binding - present
the first attempt at international level to give policy orientations on several
aspects of cryptography, including both encryption and digital signatures.
The Bonn Ministerial Declaration of July 1997 also stressed the necessity
of a legal and technical framework for digital signatures at European level
as well as the importance of the availability of strong encryption technology
for electronic commerce [European Ministerial Conference, Bonn 6-8.7.97].

In its April 1997 Communication on Electronic Commerce, the Commission
announced the intention to prepare a policy aiming at guaranteeing the free
movement of encryption technologies and products as well as to propose a
specific initiative on digital signatures. As announced the present
Communication aims at developing such a policy framework with a view to:


- establishing a European framework for digital signatures;
- ensuring the functioning of the Internal Market for cryptographic
  products and services as well as products and services incorporating
  cryptographic techniques, while respecting public security concerns
  and contributing to a homogenous security area in the EU, as set out
  by the Amsterdam European Council [Presidency Conclusions on
  freedom, security and justice, Amsterdam European Council,
  16/17.6.97];
- stimulating a European industry for cryptographic services and
  products;
- addressing the international questions raised by the global nature of
  the Internet and other electronic networks, in particular by removing
  trade barriers for cryptographic services and products and achieving
  as far as possible end-to-end communication security on a global
  scale;
- providing the basis for integration of cryptography within the framework
  of other European policies such as protection of privacy, consumer
  interests and intellectual property rights;
- stimulating and enabling users in all economical sectors to benefit from
  the opportunities of the global information society which can only be
  fully exploited if based on a framework of trust and security.

Discussions about the possible conflict between divergent interests on
security have shown a considerable amount of confrontation and discontent
between institutions and interest groups. This Communication is therefore
also meant to contribute to a better understanding of the underlying issues
and of the growing importance of cryptography for the information society.

II. Authentication and Integrity: Digital Signatures

Transmitting data in electronic form has many advantages compared with
traditional methods. Documents can be made available almost instantly and
in any quantity and the recipient is able to work on them directly.
Transmission is considerably cheaper and faster - documents can be sent
around the globe in a matter of seconds, without delay. However,
authentication and integrity services are needed for secure and trustworthy
data transmission and communication over open networks.

The speed of technological progress implies that many of the potential
application fields for authentication and integrity services are difficult to
ascertain at this stage. New application areas (e.g. protection of intellectual
property rights, stored data, network security or electronic cash) are
developing continuously. In particular for electronic communication digital
signatures are considered to play a significant role.

1. Digital signature: what it is and how it works

(I) Several different methods exist to sign documents electronically varying
from very simple methods (e.g. inserting a scanned image of a hand-written
signature in a word processing document) to very advanced methods (e.g.
using cryptography). Electronic signatures based on "public key
cryptography" are called digital signatures and widely considered as crucial
for a variety of applications [for a more detailed description see Annex I]:


- digital signatures used for official communication with public
  institutions (e.g. calls for tender, exchange of application forms, identity
  documents, tax declarations, transmission of legal documents);
- digital signatures used for contractual relations in open networks (e.g.
  electronic buying and selling, financial transactions);
- digital signatures used only for identifying or authorising purposes (to
  be certain of the identity of a correspondent or of his specific attributes
  e.g. an authorisation to log into a computer system, identification of
  Web servers);
- digital signatures used in closed systems (e.g. a corporate Intranet);
- digital signatures used for personal purposes.

(II) In electronic communication, the concept of digital signatures is linked to
the notion of data transmission using a kind of electronic seal which is
affixed to the data and which allows the recipient to:


- verify the origin of the data, i.e. the use of a key assigned to a certain
  sender (authentication of data source),
- check that data are complete and unchanged and thereby safeguard
  their integrity (integrity of data).

Technically speaking, digital signatures are usually created and verified by
asymmetric cryptographic techniques similar to those used for encryption.
Two complementary keys are generated and assigned to a user. One of
them - a signature key - is kept private (private key) whereas the other - a
signature verification key - is published (public key). It is of course crucial
that the private key cannot be computed from the public key.

(III) Contrary to cryptography used for confidentiality purposes, digital
signatures are annexed to the data and leave the content e.g. of the signed
electronic document or the electronic transaction intact. Of course, the data
can in addition be encrypted as described and discussed in chapter III. The
cryptographic technology is used to protect against the illicit use of
signatures in an electronic environment. Technical means exist to signal
when keys are being used for functionalities other than the one for which
they have been generated (e.g. a key issued for authentication being used
for confidentiality purposes).

(IV) With the help of the sender's public key the recipient can find out
whether the signed data has been altered and check that the public and
private key of the sender are a complementary key-pair. Even the smallest
change of the data would be discovered immediately. What appears to be a
relatively complicated mathematical process is in practice carried out in a
matter of seconds by the computer. The user therefore would not notice the
underlying computing process.
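The sign-and-verify cycle described in (II) to (IV), as an added example in Go that is not part of the Communication: one user keeps the signature key private and publishes the verification key; the recipient runs the verification with that public key. The algorithm (Ed25519 from Go's standard library), the sample document and the names are my assumptions, since the text does not prescribe any.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signer holds one user's complementary key pair: the signature key stays
// private, the signature verification key is what the user publishes.
type Signer struct {
	Public  ed25519.PublicKey
	private ed25519.PrivateKey
}

// NewSigner generates a fresh key pair for one user (Ed25519 is an assumed
// choice; the Communication names no algorithm).
func NewSigner() *Signer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Signer{Public: pub, private: priv}
}

// Sign produces the "electronic seal" that is annexed to the data. The data
// itself is left intact, which is what distinguishes signing from encryption.
func (s *Signer) Sign(data []byte) []byte {
	return ed25519.Sign(s.private, data)
}

// Verify is the recipient's step: with the sender's public key it reports
// whether sig was made by the matching private key over exactly these bytes.
func Verify(pub ed25519.PublicKey, data, sig []byte) bool {
	return ed25519.Verify(pub, data, sig)
}

// TamperDemo returns three verification results: the genuine document, a
// copy with a single character changed, and the genuine document checked
// against another sender's public key.
func TamperDemo() (genuine, altered, otherKey bool) {
	alice := NewSigner()
	mallory := NewSigner()
	doc := []byte("Order 42: deliver 100 units at EUR 10.00") // constructed sample
	sig := alice.Sign(doc)

	changed := append([]byte(nil), doc...)
	changed[len(changed)-1] = '1' // the price now reads EUR 10.01

	return Verify(alice.Public, doc, sig),
		Verify(alice.Public, changed, sig),
		Verify(mallory.Public, doc, sig)
}

func main() {
	genuine, altered, otherKey := TamperDemo()
	fmt.Printf("genuine: %v, one character altered: %v, other sender's key: %v\n",
		genuine, altered, otherKey)
}
```

Only the genuine document under Alice's public key verifies; the one-character change and the foreign key both fail, which is the "even the smallest change is discovered" property of (IV). Note that this proves nothing about who owns Alice's public key, which is the gap (V) and the certification authorities of section 2 address.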

(V) Verification of the authenticity and integrity of data does not necessarily
prove the identity of the owner of the public key. How does for instance the
recipient of a message know that the sender is really the one he claims to
be? The public key may be attached to the message or be published in a
directory, but what degree of confidence can the recipient have? Anyone
can publish a public key under another name. The recipient may therefore
wish to obtain more reliable information on the identity of the key owner.
Such information can be given by the key owner himself, issuing the
recipient with satisfactory proof. Another way is to have it confirmed by a
third-party (e.g. a person or institution mutually trusted by both parties).

In the context of digital signatures these third-parties are most commonly
so-called certification authorities.

2. Certification authorities (CAs)

The provision of public certification services is a completely new service
sector. Although still in its infancy this sector is already raising a lot of
interest. The sector is currently dominated by commercial undertakings
based outside Europe, although some European companies have also
emerged. A significant number of new entrants will appear on the market
very rapidly. They seem to focus on their national market and do not, at
least initially, target markets in other EU Member States. This hesitation is
also linked to legal uncertainties.

CAs can perform a range of functions with regard to digital signatures.
Sometimes, publications refer to them as Trusted Third Parties (TTPs).
However, TTPs which in general may provide a wide range of services very
often are perceived to stand for lawful access to encryption keys [see
Annex III].

While it is not excluded that TTPs also act as a CA - as described in this
paper - the functions of both institutions are considered to be different. In
particular CAs are crucial for digital signatures to become a fully accepted
tool within national legal systems, for instance, to ensure legal recognition
and enforceability of a signature in electronic commerce. Therefore the role
and the legal basis for CAs and TTPs need to be distinguished from a
regulatory standpoint.

2.1. Certification

One central task of a CA is to authenticate the ownership and the
characteristics of a public key so that they can be trusted. Once a CA is
satisfied that the ownership and the characteristics of a public signature key
are correct, a certificate is issued containing this key and other details. This
certificate is itself digitally signed i.e. the CA signs the certificate with its
private key to establish the correlation with the key owner. When the CA's
public key is added, a simple automatic verification is possible. However, it
is necessary for the recipient to trust the CA, in other words a CA must be
mutually trusted by both parties.

As a result, several categories of certificates are technically conceivable,
e.g. the CA's public key can be signed by another CA leading to a
certification hierarchy. It would also be possible to have the public key
certified by several different CAs.

2.2. Possible contents of a certificate

A certificate can contain a whole range of information, going beyond the
mere key allocation and precisely determining its use. Some additional
information will always be necessary, e.g. the algorithm to be used or the
certificate expiry date. Other information may be voluntary and will depend
on the purpose for which the key is to be used and the level of confidence
or trust required of it.

Examples of a certificate's contents:


- name or pseudonym of the signatory
- name of the CA
- public key of the signatory
- algorithm
- type of key
- profession
- position within an organisation (e.g. complementary to a "limited
  partnership", executive vice-president of a "corporation")
- qualification, licences (e.g. attorney, doctor, haulage contractor)
- official approvals (e.g. catering permit, vehicle driving licences)
- limits of liability (legal limits e.g. "commanditaire" of a "limited
  partnership" or voluntary limits)
- cover limits (e.g. insurance, deposits)
- confirmation that in the case of disputes pseudonyms are revealed
- certificate expiry date

This might lead to a variety of different classes of certificates. For instance,
a key used to authorise a large financial transfer between two banks will
require a high level of trust whilst one used to validate a low value personal
purchase will not need to be trusted to the same extent.

2.3. Key management

Key management implies an extensive task package, which can for instance
include the generation and allocation of key-pairs, the identification of the
owner, the creation of a public key directory and time stamping.

(I) Key creation and owner identification

The keys - which can also be generated by the user himself - must be
effectively unique and tamper proof (which in practice is achieved by the
choice of an appropriate key length and generation procedure). Otherwise the
digital signature cannot be allocated for legal relations in a reliable manner
to data for which it has been generated and, via the key, to only one certain
person or entity. This ensures that a key owner cannot claim that the
digital signature was produced not with his key but with another one.

Keys may be allocated to private persons, legal persons (e.g. limited liability
company) or to "entities without legal status" (e.g. department of an
enterprise, working group). Keys can even be assigned to functional entities
such as servers or PCs. Since the CA must guarantee the unique link
between a key and its user, it has to identify the user in a reliable way and
to hand out the key to the correct person.

(II) Key directory

A directory of public keys may also be created providing information on the
key owner, its validity period and other details, such as revocation. The key
directory must always be kept up-to-date. Certificate revocation lists allow
one to determine whether a certificate has been revoked, suspended or
reactivated. The effective operation of such a facility will depend on the
speed and reliability of the cancellation procedure, which could be used in
cases of invalidity of the certificate or loss and theft of the private key.

(III) Time stamping

There are many situations in legal relations, where proof of the exact time of
a certain action (transmission, creation or receipt of a document or the time
at which a declaration of intent is made) is crucial. It is important to prove
the exact time when a key was revoked to avoid liability for contracts signed
with a compromised key. Therefore, digital time-stamping services able to
reliably confirm the exact time of certain actions will be necessary. Time
stamping services are also crucial for 'Intellectual Property Right'
applications. These services could be provided by a CA, but of course also
by another body.
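The certification chain of section 2.1, the certificate contents of section 2.2 and the revocation and time-stamp checks of section 2.3, brought together in one added Go example that is not part of the Communication. It builds a constructed toy set-up (one CA, one user certificate with a pseudonym, one certificate revocation list) with Go's standard X.509 library and then performs the recipient's check for a signature made at a given time. The ECDSA P-256 keys, the names, serial numbers and the 48-hour revocation delay are all my assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must aborts on set-up errors so that the example stays short.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue has signer's private key sign tmpl for the public key pub. With
// parent == nil the certificate is self-signed: the root of a hierarchy.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der))
}

// PKI is a constructed toy set-up: one CA, one user certificate and the CA's
// revocation list, which plays the role of the key directory of section 2.3.
type PKI struct {
	CA, User *x509.Certificate
	CRL      *x509.RevocationList
	Revoked  time.Time // the time-stamp the CA recorded for the revocation
}

// BuildPKI issues both certificates with ECDSA P-256 keys (an assumed
// algorithm) and revokes the user's key 48 hours after now, as if its theft
// had been reported then.
func BuildPKI(now time.Time) *PKI {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	userKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	ca := issue(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example CA (constructed)"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil, &caKey.PublicKey, caKey)

	// Section 2.2 contents: pseudonym, organisation, issuing CA, public key,
	// algorithm and expiry date are fields of the X.509 structure. KeyUsage
	// marks this as a signature key only, so a verifier can notice a key being
	// used for a purpose other than the one it was issued for.
	user := issue(&x509.Certificate{
		SerialNumber: big.NewInt(1001),
		Subject:      pkix.Name{CommonName: "pseudonym-7731", Organization: []string{"Example GmbH"}},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageContentCommitment,
	}, ca, &userKey.PublicKey, caKey)

	revokedAt := now.Add(48 * time.Hour)
	crlDER := must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number:              big.NewInt(1),
		ThisUpdate:          revokedAt,
		NextUpdate:          revokedAt.Add(24 * time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: user.SerialNumber, RevocationTime: revokedAt}},
	}, ca, caKey))
	return &PKI{CA: ca, User: user, CRL: must(x509.ParseRevocationList(crlDER)), Revoked: revokedAt}
}

// CertifiedAt is the recipient's check for a signature made at time t: the
// certificate must chain to the trusted CA, be within its validity period at
// t, carry a signature key, and not have been revoked at or before t.
func (p *PKI) CertifiedAt(cert *x509.Certificate, t time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(p.CA)
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: t, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return err // unknown CA, or outside the validity period
	}
	if cert.KeyUsage&x509.KeyUsageDigitalSignature == 0 {
		return fmt.Errorf("key in certificate %s was not issued for signing", cert.SerialNumber)
	}
	if err := p.CRL.CheckSignatureFrom(p.CA); err != nil {
		return fmt.Errorf("revocation list not signed by the trusted CA: %w", err)
	}
	for _, rc := range p.CRL.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 && !t.Before(rc.RevocationTime) {
			return fmt.Errorf("certificate revoked at %s, before signing time %s", rc.RevocationTime.UTC(), t.UTC())
		}
	}
	return nil
}
```

A signature dated before the recorded revocation time passes, one dated after it fails, and a certificate issued by a CA outside the recipient's trust list fails at the chain step; the CA's own key fails the key-usage step because it was not issued for signing documents. The check is only as good as the time t it is given, which is why section 2.3 (III) calls for a time-stamping service rather than a time the signatory asserts himself.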

2.4. Mutual recognition

In a fully international framework for electronic commerce certificates issued
by foreign CAs must be mutually recognised in different countries. Thus the
verification of any international certificate can be rapid and efficient.
National structures could be complemented by a co-ordination mechanism
at the European level. Such a concept is consistent with the Community's
established negotiation strategy on mutual recognition and could encourage
the development of certification services in Europe. Agreements with third
countries will be both easier to secure and economically more beneficial if
done on the basis of a common Community-wide regime.

Mutual recognition provisions in national laws could in principle facilitate
cross-border trust. They would at the same time reduce potential EU
Internal Market obstacles and enhance crossborder circulation of goods
and services. The direct application of the Treaty (Art. 30, 52, 59, mutual
recognition provisions in national legislation) could already lead to a
satisfactory functioning of the Internal Market. Other possibilities of ensuring
cross-border recognition of certificates could be harmonised European
certification services (including the procedures concerning the issuance of
such a certificate) as well as common evaluation criteria and procedures.

2.5. Privacy

Business partners sometimes do not have an interest in the precise identity
of a particular person or entity, but only in the confirmation of previous
contacts, in their affiliation to a defined group of persons, in their individual
characteristics such as solvency and creditworthiness or simply in unforged data.

Example: Credit card companies do not confirm the identity of the
card-holder, but only whether this person has a certain line of credit.

Therefore in many cases people will have several key pairs corresponding
to their different roles. Those persons not wishing or not obliged by law to
communicate under their name can choose a pseudonym which safeguards
their anonymity in transactions and communication (though the signatory is
identified to the CA) whilst fully exploiting the integrity and authentication
functions of digital signatures. This possibility is also required by the EU
Data Protection Directive [Directive 95/46/EC, 24.10.95 on the protection of
individuals with regard to the processing of personal data and on the free
movement of such data, OJ L 281/31, 23.11.95. See also Common Position
57/96, 12.9.96 with a view to the adoption of a European Parliament and
Council Directive concerning the processing of personal data and the
protection of privacy in the telecommunications sector, in particular in the
integrated services digital network (ISDN) and in the public digital mobile
networks, OJ C315, 24.10.96, which establish the specific rules for data
protection and the right to privacy with regard to telecommunications
networks.] and supported by the OECD Cryptography Policy Guidelines.
Without such a privacy safeguard, digital signatures could be abused as an
efficient instrument for tracing individual on-line consumption patterns and
communication or for intercepting, recording or misusing documents or
messages.

There may be cases where the disclosure of pseudonyms may be
necessary for reasons of public security and crime prevention. The EU Data
Protection Directive lays down the conditions under which Member States
may adopt measures restricting the right to remain anonymous.

Another privacy and data security concern results from the requirement that
key pairs be unique and confidential in order to minimise the risks of
"identity theft" and forgery. CAs must therefore be forbidden to store private
keys. This again distinguishes CAs from TTPs, whose task is to keep
information about private keys.

Since CAs must be able to identify the key owner and thus gather
information about the individual, they are subject to the obligations
concerning data processing, security and transfers to third countries laid
down by the EU Data Protection Directive. For example, CAs can only
collect and process personal data if the individual has given his consent or
if they are authorised by law.

3. Legal Problems

While commercial products for digital signatures are already available in the
market place, only a few companies in Europe have so far taken steps to
offer services in this area. One of the main reasons is the weakness of
demand resulting partly from the absence of legal recognition of digital
signatures. Greater use of digital signatures requires adjustments and
changes in many regulatory areas. In the current situation, the most
important legal problems result from different national rules and regulations
(or the lack of them), in particular the absence of common requirements for
CAs, of technical and operational requirements to be met by certain
categories of digital signature products, of liability rules and of legal
recognition of digital signatures. The Commission will evaluate the
possibility to provide for the harmonisation of the different national
provisions to support international mutual recognition of digital signatures.

3.1. Elaborating Community requirements

At present there is no uniform legal framework specifying requirements for
CAs in the European Union. This does not prevent CAs from being active on
the market (there are already visible commercial activities in the US and also
in the EU). But serious obstacles for cross-border trust would result from the
lack of common rules.

Example: Certificates issued by a CA in one Member State would not be
recognised by a CA in another Member State, especially if one Member
State has foreseen a licensing system for CAs and the certificate has been
issued by a foreign unlicensed CA.

Establishing common criteria for the activities of CAs on Community level
would allow certificates issued by a CA in one Member State to be
recognised in all other Member States (mutual recognition). Given these
problems and the risk that divergent national rules, or the lack of such rules,
will hold back the functioning of the Internal Market and the development of
electronic commerce, there is a strong case for a common legal framework
to be established. A Community framework would enhance trust in digital
signatures, whilst promoting their legal recognition. Such a framework could
for instance establish principles for the activities of CAs.

Examples of fields where common requirements for CAs could be specified:

- security of the CA and compliance with data protection legislation
- reliable identification of a person (to make sure that key owners can be
  identified)
- minimum insurance coverage (CAs must be able to pay in case they
  are liable)
- technical components
- qualification and security testing of personnel
- no "self-certification" of the CA

In order to achieve the highest possible level of security, it would be
appropriate to make a clear distinction between different tasks - e.g.
certification or key administration - and between different certificates. The
catalogue of the requirements can therefore be different - depending on the
actual offer of services.

It would also be essential to establish common technical requirements for
digital signature products, if national provisions (e.g. for key generation or
storage) will not be mutually recognised and hinder the functioning of the
Internal Market. Community harmonisation measures should be limited to
establishing the essential requirements and leaving technical details (e.g.
through a mandate) to standardisation bodies.

3.2. Liability

Clear liability rules would contribute to the acceptance of CA services.
However divergent levels of protection at national level could potentially act
as a cross-border barrier to the provision of goods or services or to the use
by public administrations of on-line services in a cross-border context.
Liability questions may play a particular role in the relationship between
users and CAs or between two CAs as well as with respect to licensing
authorities (licensing CAs).

In all Member States, there are contractual rules connected to appropriate
liability rules between the user and the CA. Liability depends very much on
the concrete single cases. For instance, liability problems can be better
managed if digital signatures are used within specific closed user groups.

Liability largely depends upon the concrete service offered by the CA as
stipulated in the contract. A legal catalogue of requirements could form the
basis for the contractual duties. It would also provide for both minimum and
maximum liability of the CAs or guarantees, for example regarding the
accuracy of the certificate or the correctness of the key directory.
Certification practice statements, a detailed description of how certificate
policies are implemented by a particular CA, could also play an important
role as orientation for liability issues.

Normally there is no contractual relationship between a CA and third
parties, like the recipient of a digitally signed message or another CA, who
have confidence in the validity of certificates. Therefore Member States
should examine whether there is a need for special liability rules.

Errors made by a licensing authority in the licensing process can be
damaging to the user, the CA and third parties. Since the licensing authority
has no contractual obligations and since the extra-contractual liability of
public authorities is usually strictly limited, Member States should examine
whether special rules for liability are necessary.

3.3. Legal recognition of digital signatures

The legal concepts behind signatures and the requirements on form and
procedures, are different in each of the Member States jurisdictions. The
differences, particularly in the field of civil and procedural law, have to be
analysed. Member States should be encouraged to scrutinise the relevant
national laws and regulations for provisions which do not allow the
potential of digitally signed documents (form, evidence) to be exploited.

When signing a contract using a digital signature, one is confronted with
different questions: does a declaration of intent have a legal value? Does
the signature meet legal requirements? Is a digitally signed document
recognised as evidence in court?

(I) Declarations of intent

Legal practices have emerged in Member States over the years in
connection with declarations of intent. These cannot simply be translated
into the context of electronic communication since the way to make a
declaration of intent differs substantially from the traditional form in some
respects.

Example: The delivery of a document in paper form requires more time than
in the electronic form. One has to put the document into an envelope, apply
a postage stamp and post it. In so doing, one still has time to reconsider
one's decision. An electronic document on the other hand is delivered by
simply pressing a key or button.

In particular in order to guarantee an appropriate protection against hasty
decisions, Member States should examine whether specific requirements
are needed regarding the binding character of declarations of intent.

In addition, technical solutions must be found to make sure that users sign a
document in the version which is actually visible on their screen.

Example: Technically, substantial differences may exist between the
document visible on the screen and the document which is actually signed
or printed, e.g. if the programme works with associated files.

(II) Non-repudiation of digital signatures

Even when a key pair has been assigned in total trust to a certain person,
this does not prove that this person has actually signed a given document.
While the normal situation is that the key owner signs the document, a
digital signature can in fact only be attributed with certainty to a given
private key. This presumption will only hold if it is certain that only the
owner of the secret private key has full and exclusive control over that
key. Key escrow of private keys would endanger this presumption.

Example: Unlike conventional signatures, where the signatory signs with
his own hand, digital signatures also allow a third - authorised or
unauthorised - person to sign the document if this person is in possession
of the private key, so-called "undisclosed" delegation.

Assignment is however possible if it can be legally presumed that the key
owner signed himself. In that case the owner might wish to be legally liable
only to a certain extent (e.g. within a limit, as with a credit-card). Member
States should therefore consider appropriate legal rules.

(III) Legal treatment of references

In order to carry out business transactions faster, or for cost reasons, one can
refer to documents which are not part of the electronically transmitted data
itself, but which are stored in another place, e.g. a reference to standard-form
contract conditions, technical descriptions or plans.

Problems could however result from the fact that the technical possibility of
referring to other documents does not meet the legal requirements that
have emerged from traditional legal relations.

Example: In a sales contract, a computer company refers to the terms of
delivery indicated on the company's Internet-homepage. Under which
conditions do the terms of delivery become part of the contract? Do they
have to be digitally signed as well?

Special rules in Member States' civil laws will therefore be necessary for the
legal treatment of references in electronic legal relations. The most
important point is that references do not have other legal effects than those
they would have if they were contained in the document in question.

(IV) Legal effects

Ensuring equivalent legal effects for conventional hand-written and digital
signatures is not easy to realise considering their different characteristics
and their different ways of being materialised.

Examples:

- Unlike conventional signatures, it is not possible in the case of digitally
  signed documents to distinguish between an original and a copy.
- Each person only has one hand-written signature. However, a given
  person can have several key sets. Digital signatures are also different
  for each document signed.

However, these differences do not by any means prevent digital signatures
from enjoying equivalent legal value for certain legal or judicial purposes.
The legal effect of documents signed with digital signatures is implicitly
linked to the trustworthiness of CAs and is an indispensable condition for the
development of legal electronic transactions. The starting points are:

Recognition as evidence in legal proceedings

In some legal systems (e.g. Belgium, France, Greece) electronic
documents, even if they are digitally signed, could not be accepted as evidence
in legal proceedings, because written evidence is required as soon as the
value of, for instance, a sales contract is beyond a certain limit. Such
restrictions are clearly detrimental to the use of digital signatures.

Recognition as an equivalent to written form

The use of a written form can fulfil several functions, e.g. warning, proof or
authenticity. Documents provided with a digital signature can likewise fulfil
these functions provided that digital signatures are safe and reliable. If
documents provided with a digital signature match the requirements of a
written form, this will have a very favourable impact on their implementation
in the legal framework.

Member States could also implement specific rules on an electronic form in
their civil laws. Thus Member States would not have to change all their
regulations on written form but would be able to introduce digital signatures
only where they think it would make sense.

Legal domains in which no specific legal form is prescribed, but where, for
example, the use of the written form is based on voluntary business
practice, would greatly benefit in terms of security - thanks to the gain of
confidence - from the legal recognition of digital signatures.

4. Regulatory considerations

(I) While digital signatures are currently a recognised answer to
authentication and integrity questions, the market may come up with other
solutions. Therefore regulation has to create on one side a clear framework
to build trust in digital signatures, but on the other side also has to be
flexible enough to react to new technological developments.

(II) Regulation should not restrict, either de jure or de facto, the
contractual freedom of parties. Therefore any regulation should be tailored
to correspond to the different possible uses of digital signatures (see II.1.).
Private use of digital signatures or use within closed-user groups, for
instance, might escape specific regulation entirely. Well-identified cases
could become subject to regulation, for example in official communication. In
any case, it must be ensured that both regulated and unregulated digital
signature schemes can co-exist and are interoperable.

(III) Some Member States are in the process of introducing voluntary
schemes, and others consider mandatory licensing schemes, to build trust
in CAs and to encourage legal recognition of digital signatures. However,
licensing is only one of the possible trust-enhancing methods Member
States may apply to promote the use of legally valid digital signatures.
Non-licensed, but highly regarded private or public organisations may as
well be considered as a trusted CA.

(IV) In the context of licensing, it is important to distinguish clearly between
on the one hand, the procedures and conditions governing the
establishment of a CA, and, on the other hand, the conditions imposed on
the different services provided by a CA. The Treaty Articles 52 and 59 apply
to each of these situations. Different national regulatory approaches and
the lack of mutual recognition of each other's regulatory requirements may
easily lead, due to the inherent cross-border nature of digital signatures, to
a fragmentation of the Internal Market for electronic commerce and on-line
services throughout the Union.

(V) Restrictive practices with regard to the establishment of CAs, the
services they provide, the cryptographic tools they use, etc. will be
detrimental to the free circulation of goods and services within the Internal
Market. They should not undermine the freedom of establishment, for
example by discriminating without justification on the basis of nationality or
by restricting without justification the number of those providing CA
services. The scope and the timeframe of Community action would be
determined by the need for harmonisation. Since mandatory licensing of
CAs is not the only way to ensure compliance of CA's activities with public
intentions of how to promote trust in digital signatures, an EU regulatory
framework would have to provide for the co-existence of both licensed and
unlicensed CAs. Such a framework should be put in place at the latest by
the year 2000.

III. Confidential electronic communication: Encryption

1. The economic and societal importance of encryption

(I) An encryption algorithm transforms a plaintext into an unreadable
ciphered text (encryption) and vice versa (decryption) using a special key.
The economics behind encryption is to transform the problem of keeping
thousands of messages secret into the problem of keeping a single key
secret. A useful distinction can be made between symmetric and
asymmetric encryption algorithms [see Annex II for more detailed
explanation].

Symmetric algorithms use the same key for encryption and decryption. This
means that communicating parties have to agree on a secret key in
advance. The disadvantage is that they have to find a secure way to
exchange this key. This is particularly cumbersome in an open environment
with many participants that may not know each other beforehand. This
disadvantage is avoided in asymmetric encryption methods that use
different keys for encryption and decryption.

At present, encryption provides the most important tool to keep electronic
communication and electronically stored documents confidential. Although
new technologies will emerge sooner or later, it can be expected that
encryption will remain the cornerstone for most confidentiality services on
open networks for the foreseeable future.

Encryption has a long tradition in the defence area. However encryption
technologies are increasingly integrated into commercial systems and
applications.

Examples:

- Digital mobile telephones enjoy, thanks to encryption, stronger
  protection.
- Banks use strong encryption for financial messages (e.g. the S.W.I.F.T.
  system).
- Pay-TV can only function commercially thanks to encryption, the signal
  being decrypted on payment of a subscription fee. [The protection
  of such encryption systems against piracy varies in Member States.
  The Commission has presented a proposal for a Directive aiming at
  establishing a Community-wide equal level of protection (COM(97)356,
  9.7.97)]
- Digital versatile disks (DVD), which will replace the previous video
  cassettes, use encryption techniques to prevent piracy in order to
  protect intellectual property rights.

(II) The above examples already show that the exclusive character of
encryption belongs to the past. They also show that increasingly encryption
technology is integrated into products primarily to protect, for example,
Intellectual Property Rights or to avoid fraud. Moreover, the fast growth of
the Internet will create a fundamental change in the use of encryption: it will
become an integral part of personal and business computing.

Computer stores sell cryptographic products and more and more people
simply download encryption software from the Internet which can be easily
installed on a normal PC. The integration of complete cipher machines on
smart cards is a reality. PCs could be delivered with standardised smart
card readers and fast crypto-chips. Various universities in the world teach
cryptology and hundreds of companies in Europe and even more
world-wide develop, produce and sell products and systems to be used for
encryption.

A survey has identified no fewer than 1,400 encryption computer products
world-wide [Survey conducted by Trusted Information Systems]. More than
400 companies from the US and about 440 companies outside the US,
many of them in Europe, now offer encryption products [see also Computer
Systems Policy Project CSPP: "Perspectives on security in the information
age", January 1996. CSPP is an affiliation of chief executive officers of
leading American computer companies]. Involved in this process are
incumbents like computer, software and telecommunication companies as
well as high-tech start-ups. Most of the young companies are growing fast:
numerous examples exist where the annual growth rates of turnover or
employment are 100% and even more.

(III) Electronic commerce and many other applications of the information
society will only expand and unfold their economic and social benefits if
confidentiality can be assured in a user-friendly and cost-efficient way.

Examples:

- When using services such as tele-shopping or tele-banking, the
  consumer needs to be assured that personal data such as credit card
  numbers are kept confidential.
- Data protection laws require safeguards like encryption to ensure
  privacy.
- In storing secret data and in carrying out sensitive business
  communication (project details, bidding information, research results,
  etc.) over open networks, companies wish to be protected against
  industrial espionage.
- Health care telematic applications must not allow for disclosure of
  medical histories of patients to unauthorised persons.

Cryptographic technologies are flexible, support a wide range of
applications and minimise transaction costs on open networks. Continuous
progress in digital technologies will make computing crypto-algorithms even
more cost-efficient. European companies have developed substantial
capabilities to integrate high-quality cryptographic features into their
products and services. As demand for products with encryption is now
growing very fast world-wide, it provides substantial opportunities for the
industry and job creation in Europe.

Furthermore, the application of cryptographic products and services will
have an enabling effect in all sectors of economic and social activity.
Without this widescale deployment, the ability to create new, more
competitive forms of business and new forms of social interaction will be
substantially inhibited.

(IV) International treaties, constitutions and laws guarantee the fundamental
right to privacy including secrecy of communications [Art. 12 Universal
Declaration of Human Rights, Art. 17 International Covenant on Civil and
Political Rights, Art. 8 European Convention on Human Rights, Art. F(2)
Treaty on EU, EU Data Protection Directive]. Consequently, in the current
shift from off-line to on-line information flows, the public needs to have
access to technical tools allowing effective protection of the confidentiality
of data and communication against arbitrary intrusions. Encryption of data is
very often the only effective and cost-efficient way of meeting these
requirements. Therefore, the debate about the prohibition or limitation of the
use of encryption directly affects the right to privacy, its effective exercise
and the harmonisation of data protection laws in the Internal Market.

2. Regulation of encryption: Potential impact on the Internal Market

2.1. Export control measures

Concerns over foreign threats to national security have been the primary
motive for export controls. Whilst countries want to protect their own military
and diplomatic communication through encryption, the objective of export
control is precisely to deny similar benefits of cryptography to foreign
opponents, in particular if they do not have equivalent technical means.
Therefore, export controls are in general designed to prevent international
proliferation of certain encryption technologies.

Under the Wassenaar arrangement on export controls for conventional
arms and dual-use goods and technologies (19.12.1995) [see
http://www2.nttca.com:8010/infomofa/press/c_s/wassenaar.html;
http://ideath.parrhesia.com/wassenaar/wassenaar.html], replacing the
COCOM [Co-ordinating Committee for Multilateral Export Controls was an
international organisation for the control of the export of strategic products
and technologies to proscribed destinations. Members were to a large
extent NATO countries but also others like Japan and Australia.] list, a
group of 28 countries apply export controls to encryption products.

Within the European Union, the Dual-Use Regulation of December 1994
establishes a common framework for exports of dual-use goods [Council
Regulation (EC) 3381/94, 19.12.94 setting up a Community regime for the
control of exports of dual-use goods, OJ L 367/1, 31.12.94. Council
Decision 94/942/CFSP, 19.12.94 establishes the lists of dual-use goods
covered by the Regulation, OJ L 367/8, 31.12.94.]. Certain encryption
products may only be exported on the basis of an authorisation. In order to
establish an Internal Market for dual-use goods, such export authorisations
are valid throughout the Community.

Moreover, according to Article 19 of this Dual-Use Regulation, Member
States exercise a licence procedure for a transitional period also for
intra-Community trade for certain particularly sensitive products. For the
time being this also includes encryption products. This means the
Regulation obliges Member States to impose not only export controls (i.e.
controls on goods leaving Community territory) on dual-use goods, but also
intra-Community controls on cryptography products shipped from one
Member State to another.

The Dual-Use Regulation however does not fully specify the scope, content
and implementation practices of national controls. Consequently, a large
variety of domestic licensing schemes and practices exists. These
divergences can lead to distortions of competition.

2.2. Domestic control measures

Law enforcement authorities and national security agencies are concerned
that wide-spread use of encrypted communication will diminish their
capacity to fight against crime or prevent criminal and terrorist activities. For
this reason, in several Member States consideration is being given to how
their encryption policy could develop in the future. This has led to national
and international discussions about the need, technical possibilities,
effectiveness, proportionality and privacy implications of such a regulation.

(I) Existing regulation within the European Union and the OECD

Whilst export control measures are internationally widely applied, up to now
domestic control of encryption is quite exceptional. In fact, currently only
one Member State of the European Union (France) applies a
comprehensive cryptographic regulation [Loi N° 90-1170 of 29.12.90,
JORF 30.12.90; Décret N° 92-1358, 28.12.92, JORF 30.12.92. Delivery,
export and use of cryptography are subject to prior declaration if
the cryptography can have no other object than authenticating
communications or assuring the integrity of transmitted messages, and
to prior authorisation by the Prime Minister in all other cases. This law is
currently being modified according to loi N° 96-659, 26.7.96 de
réglementation des télécommunications, art. 17]. Although there have been
discussions in other Member States, only the United Kingdom has so far
launched a Public Consultation on the regulation of TTPs for the provision
of encryption services (but not for the use of encryption) [Licensing of TTPs for
the provision of encryption services - DTI Public Consultation Paper on
detailed proposals for legislation, 3.1997].

The international picture is quite similar. Looking at the OECD countries,
besides export controls there are basically no domestic regulations
implemented. In the US - where up to now no domestic regulation is in place
- there is an intensive debate on several legislative initiatives. In taking up
the developing debate on this topic in some OECD Member countries and
trying to avoid obstacles to international trade and commerce resulting from
divergent national policies, the OECD has adopted Guidelines for a
cryptography policy.

(II) Regulation of use of encryption

Regulation of use would mean making the use of encryption without an
authorisation illegal. Alternatively or additionally, supply and import of
encryption products and services could be brought under an authorisation
scheme. Authorisations would either be denied or granted under certain
conditions, for instance to use only weak encryption or to sell only approved
software. These conditions are scalable to satisfy any perceived needs of
law enforcement and national security agencies.

Such regulations could limit the use of encryption. In addition, divergence
between regulatory schemes might result in obstacles to the functioning of
the Internal Market, in particular for the free circulation.

Example:

If an encryption software company which can freely develop its products in
its home country must comply with specific technical or legal requirements
in other Member States, this company has to produce at least two, if not
more, different versions of its encryption software. The same situation
occurs if enterprises want to offer cross-border encryption services.

Today, nobody can be totally prevented from encrypting data (criminals or
terrorists also can use encryption for their activities [Most of the (few)
criminal cases involving encryption that are quoted as examples for the
need of regulation concern "professional" use of encryption. It seems
unlikely that in such cases the use of encryption could be effectively
controlled by regulation; see also "Encryption and Evolving technologies as
tools of organised crime and terrorism" by D.E. Denning and W.E. Baugh,
Jr.]): Firstly, access to encryption software is relatively easy, for instance
by simply downloading it from the Internet. Secondly, it is difficult to prove
that a specific person has sent an unauthorised encrypted message.
Electronic communication on open networks is not like an end-to-end
telephone conversation where people can be identified for instance by their
voice. Thirdly, encryption is also possible using steganographic methods
[see Annex II]. These methods allow one to hide a message in other data
(e.g. images) in such a way that even the existence of a secret message
and thus the use of encryption cannot be detected.

As a result, restricting the use of encryption could well prevent law-abiding
companies and citizens from protecting themselves against criminal attacks.
It would not, however, totally prevent criminals from using these
technologies.

2.3. Lawful access to encryption keys

The underlying principle of this approach is to require that products and
services incorporating encryption allow access to the respective keys. This
would permit government agencies to decrypt a ciphered text otherwise
difficult or impossible to crack. Different technical and institutional ways to
provide key access are being discussed. The two most known concepts are
key escrow and key recovery. Broadly speaking, these concepts imply that
copies (escrow concept) or information (recovery concept) about relevant
keys are given either directly to government agencies or to TTPs [see
Annex III].

(I) Key access schemes are considered by law enforcement agencies as a
possible solution to cope with issues like encrypted messages. However
these schemes and associated TTPs raise a number of critical questions
that would need to be carefully addressed before introducing them. The
ongoing discussion of different legislative initiatives in the US is an
illustrative example of the implied controversy. The most critical points are
vulnerability, privacy, costs and effectiveness:

- Inevitably, any key access scheme introduces additional ways to break
  into a cryptographic system [See for a comprehensive analysis the
  recently published study "The risks of key recovery, key escrow, and
  trusted third party encryption"]. More people will know about "secret
  keys" and "system designs", leading to higher risks of insider abuse,
  and the TTPs themselves can become targets for attacks. These new
  vulnerabilities are complex and need to be understood, as substantial
  liability and privacy questions are implied.
- The costs associated with key access schemes can be very high. Up
  to now, questions on costs and who would bear them have not been
  addressed by policy makers. Important cost factors would be the
  specific requirements put on TTPs, e.g. response time to deliver keys,
  storage time for session keys, authentication of the requesting government
  agency, secure transfer of recovered keys, internal security
  safeguards, etc.

Furthermore, substantial and unknown costs would occur through the need
for scalability of key access schemes, i.e. making them work in a multi-million
user environment. Up to now, such systems have at best been developed
for small scale use. The costs to make them work on an economy-wide or even
global scale need to be looked at carefully.

- Key access schemes can be easily circumvented - even if,
  hypothetically speaking, everyone would be forced to pass through
  these systems.

Examples:

- Users could first encrypt the data with an unrecoverable key and later
  use a licensed escrowed encryption system. Unless encryption as
  such is forbidden, this would even be legal. In any case, such an
  operation could only be detected when an agency actually tries to
  decrypt the data. It is impossible to "scan" the network to detect the
  use of non-escrowed encryption. Therefore use of non-escrowed
  encryption would not even be able to act as a general indicator for
  possible illegal activities.
- Users could encrypt a relatively large number of session keys in a
  way that the previous key encrypts the next one, always using one or
  several official escrow/recovery systems. Only the last key would be
  used to encrypt the message. An agency would need to reverse this
  process and to obtain all keys in order to read the message; although
  technically feasible, this task would be extremely difficult to manage.
  To be noted, the users would have fully complied with a key recovery
  scheme.
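To make the vulnerability point under (I) concrete, the following added example (not part of the Communication, and not modelled on any real escrow product) implements a session-key escrow scheme of the kind described in section 2.3: each message's session key is wrapped once for the recipient and once for a TTP, and a constructed scenario compares how many stored messages a single leaked recipient key exposes with how many the single leaked TTP escrow key exposes. The HMAC-SHA256 counter-mode cipher, the key-wrap format and all keys and messages are assumptions made here so that the example runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets
from typing import Optional

BLOCK = 32  # one SHA-256 output per counter value


def new_key() -> bytes:
    """A fresh 256-bit key (recipient key, session key or TTP escrow key)."""
    return secrets.token_bytes(32)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with an HMAC-SHA256 keystream in counter
    mode (a standard PRF-in-counter-mode stream construction, chosen only
    so the example needs no third-party library). Same call decrypts."""
    out = bytearray()
    for i in range((len(data) + BLOCK - 1) // BLOCK):
        ks = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[i * BLOCK:(i + 1) * BLOCK]
        out.extend(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


def wrap(kek: bytes, session_key: bytes) -> bytes:
    """Wrap a session key under a key-encrypting key (KEK):
    nonce || encrypted key || HMAC tag. The tag makes an unwrap attempt
    with the wrong KEK fail cleanly instead of yielding garbage."""
    nonce = secrets.token_bytes(16)
    enc = keystream_xor(kek, nonce, session_key)
    tag = hmac.new(kek, b"wrap" + nonce + enc, hashlib.sha256).digest()
    return nonce + enc + tag


def unwrap(kek: bytes, blob: bytes) -> Optional[bytes]:
    """Inverse of wrap(); None if the tag does not verify under kek."""
    nonce, enc, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kek, b"wrap" + nonce + enc, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return keystream_xor(kek, nonce, enc)


def encrypt_message(plaintext: bytes, recipient_key: bytes,
                    escrow_key: Optional[bytes] = None) -> dict:
    """Session-key encryption as in a session-key escrow scheme: a fresh
    session key protects the body and is wrapped for the recipient; when an
    escrow key is supplied it is wrapped a second time for the TTP. That
    second wrapping is the additional way in that the text warns about."""
    session_key = new_key()
    nonce = secrets.token_bytes(16)
    return {
        "nonce": nonce,
        "body": keystream_xor(session_key, nonce, plaintext),
        "for_recipient": wrap(recipient_key, session_key),
        "for_ttp": wrap(escrow_key, session_key) if escrow_key else None,
    }


def decrypt(msg: dict, kek: bytes, field: str) -> Optional[bytes]:
    """Read a message via the session key wrapped in `field`
    ('for_recipient' or 'for_ttp'); None if that field is absent or the
    wrapping does not open under kek."""
    if msg[field] is None:
        return None
    session_key = unwrap(kek, msg[field])
    if session_key is None:
        return None
    return keystream_xor(session_key, msg["nonce"], msg["body"])


def exposure(messages: list, leaked_kek: bytes, field: str) -> int:
    """How many stored messages a holder of `leaked_kek` can read via `field`."""
    return sum(decrypt(m, leaked_kek, field) is not None for m in messages)


def simulate(n_recipients: int = 5, per_recipient: int = 20) -> dict:
    """Constructed scenario: one sender, several recipients each holding
    their own key, and one TTP escrow key shared across all of them.
    Compares the blast radius of one leaked recipient key with that of
    the single leaked escrow key (the 'target for attacks' in the text)."""
    recipient_keys = [new_key() for _ in range(n_recipients)]
    escrow_key = new_key()
    plain, escrowed = [], []
    for r, rk in enumerate(recipient_keys):
        for j in range(per_recipient):
            text = f"recipient {r} message {j}".encode()  # constructed sample
            plain.append(encrypt_message(text, rk))
            escrowed.append(encrypt_message(text, rk, escrow_key))
    return {
        "recipient_key_leak_no_escrow": exposure(plain, recipient_keys[0], "for_recipient"),
        "recipient_key_leak_with_escrow": exposure(escrowed, recipient_keys[0], "for_recipient"),
        "escrow_key_leak": exposure(escrowed, escrow_key, "for_ttp"),
        "escrow_key_against_unescrowed": exposure(plain, escrow_key, "for_ttp"),
    }
```

With the defaults, one leaked recipient key exposes that recipient's 20 messages whether or not escrow is used, while the single leaked escrow key exposes all 100 escrowed messages and none of the unescrowed ones.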

(II) Any involvement of a third party in confidential communication increases
its vulnerability. The main reason for involving a third party in the
management of keys for confidentiality is to allow that party to make the
keys available to other than the two communicating parties, for example, to
law enforcement.

Users may therefore not see many advantages in using TTPs for
confidential communication, and probably not even for stored information.
Regulators would thus need to offer incentives to convince users to use
licensed TTPs for confidentiality purposes, for instance through a "public
security label" or even by introducing a "mandatory scheme". Such a
mandatory scheme would make any publicly available offer of encryption
services subject to a licence that inter alia would demand key
escrow/recovery.

The acceptance of such a system remains to be seen, but given its implied
overheads, it cannot be regarded as an incentive for electronic commerce. In
any case, restrictions imposed by national licensing schemes, particularly
those of a mandatory nature, could lead to Internal Market obstacles and
reduce the competitiveness of the European Industry.

2.4. Privacy

Privacy considerations suggest not limiting the use of cryptography as a
means to ensure data security and confidentiality. The fundamental right of
privacy has to be ensured, but may be restricted for other legitimate
reasons such as safeguarding national security or combating crime, if these
restrictions are appropriate, effective, necessary and proportionate in order
to achieve these other objectives. The EU Data Protection Directive
harmonises the conditions under which access to personal data, their
processing and transfer to third countries is lawful.

As regards data security the Directive requires Member States to provide
that a data controller must implement appropriate technical and
organisational measures to protect personal data against accidental or
unlawful destruction or accidental loss, alteration, unauthorised disclosure
or access, in particular where the processing involves the transmission of
data over a network, and against all other unlawful forms of processing.

Cryptography is one important technical means by which data integrity and
confidentiality can be ensured. To ensure also the secure flow of
personal data throughout the Internal Market, such technical means must
be able to "travel" with the personal information they are securing. Any
regulation hindering the use of encryption products and services throughout
the Internal Market thus hinders the secure and free flow of personal
information and the provision of related goods and services.

3. Assessment

Proposals for regulation of encryption have generated considerable
controversy. Industry expresses major concerns about encryption
regulation, including key escrow and key recovery schemes [see e.g.
Industrial Declaration of the Bonn conference, July 97]. Although there is a
lack of experience, as electronic communication and commerce have just
begun to penetrate economy and society, a preliminary assessment can be
made in order to build a common European understanding of the subject, in
particular as Member States may have different views on security issues
implied. Such an understanding could be founded on the following points:

(I) Problems caused by encryption to crime investigation and the finding of
evidence are currently limited, but they may increase in the future. As with
any new technology, there will be abuse of encryption and criminal
investigations will be hindered because data was encrypted. However,
widespread availability of encryption can also prevent crime. Already today,
the damage caused by electronic crime is estimated in the order of billions
of ECUs (industrial espionage, credit card fraud, toll fraud on cellular
telephones, piracy on pay TV encryption). Therefore, there are
considerable economic and legal benefits associated with encryption.

(II) Criminals cannot be entirely prevented from having access to strong
encryption and from bypassing escrowed encryption. Benefits of regulation
for crime fighting are therefore not easy to assess and are often expressed in
fairly general language. However, control measures could make the use of
encryption for criminal activities more difficult and cumbersome.

(III) In the information society, citizens and companies will increasingly carry
out more aspects of their lives and business on-line. Through
teleconferencing, tele-shopping, teleworking, electronic payment, e-mail,
etc. a huge amount of information will be available electronically, in a way
never experienced before. Therefore, if citizens and companies have to fear
that their communication and transactions are monitored with the help of
key access or similar schemes unduly enlarging the general surveillance
possibility of government agencies, they may prefer remaining in the
anonymous off-line world and electronic commerce will just not happen [see
Eurobarometer opinion survey 46.1 on privacy in the information society,
January 1997].

(IV) Key escrow or key recovery raise a number of practical and complex
questions that policy makers would need to solve, in particular issues of
privacy, vulnerability, effectiveness and costs. If at all required, regulation
should be limited to what is absolutely necessary. Regulation would also
need to distinguish between a multitude of possible key types (storage
keys, session keys, authentication keys, etc.) as there are important
differences in their functionality.

(V) In the context of electronic commerce using open and global networks,
the international availability, interoperability and choice of various
encryption products and services is necessary. Any regulation hindering the
use of encryption products and services throughout the Internal Market
hinders the secure and free flow of personal information and the provision
of related goods and services, and its justification needs to be examined in
light of the Treaty and the EU Data Protection Directive.

(VI) The ultimate objective for government agencies is to see plaintext and
not necessarily to have access to keys. Furthermore traffic analysis (e.g.
who communicates with whom?) is also important and would benefit from
increased electronic communications. Information, even encrypted for
communication, can often be found unencrypted at the source, just as with
traditional forms of communication, for instance with banks, shops, travel
agencies involved in communication with a suspect, or can be tapped
unencrypted at certain points in a communication link. Therefore existing
regulation on traditional forms of lawful access to data and communication
could be explored with a view to effectively applying it to access to
encrypted data and communication, e.g. regulation could require access
provision to encrypted information upon legally authorised request.

(VII) A fundamental problem lies in international relations, i.e. how to ensure
global communication in case key escrow/recovery regulation is introduced
in some countries. Countries would probably insist that only national TTPs
could hold keys of their citizens. For instance, in case of a session key
recovery scheme that is linked to an e-mail communication, only the country
of the sender could decrypt the message unless there is a special
arrangement between the two countries.

(VIII) Irrespective of the compatibility of restrictions with the Treaty
provisions on the free circulation of goods and services, specific national
controls on the use of encryption could also have a secondary effect on the
free circulation of persons, similar to those already identified by the Veil
Panel [Report of the High Level Panel on the free movement of persons,
chaired by Mrs. Simone Veil, presented to the Commission, 18.3.97].

IV. Policy actions at Community level

Electronic communication via open networks is at the core of the
information society. Fast and secure exchange of data offers many
advantages for electronic commerce which can contribute decisively to
improvements in competitiveness and job creation. The European Union
has an early opportunity to create the conditions for a trend-setting
infrastructure and for growth in European industry.

The Commission will seek to build trust in electronic communication via
open networks to ensure the functioning of the Internal Market, to stimulate
electronic commerce and to strengthen the European Industry.

1. Community framework for digital signatures

1.1. The need for European Union action

Detailed regulations for digital signatures are already under preparation in
some Member States. France has already adopted a new
Telecommunications Act, Germany a law on digital signatures [Gesetz zur
digitalen Signatur (SigG), 1.8.97], Italy a law on the use of electronic
documents and contracts [Schema di Regolamento "Atti, documenti e
contratti in forma elettronica", approved by the Italian Council of ministers,
5.8.97]. The UK Government has launched a Public Consultation on the
regulation of TTPs. The Dutch Government has created an
inter-departmental task force [Staatscourant nr. 54, 18.3.97]. Denmark and
Belgium [see http://www.agoraproject.org/] are also preparing draft
legislation on digital signatures. The Swedish government organised a
public hearing in June 1997.

Whilst the development of a clear framework is welcomed, the very
divergent legal and technical approaches which have already appeared and
the absence of any legal environment in other Member States - also
possibly justified - might constitute a serious barrier to doing business and
communicating throughout the European Union. This will undermine the
free circulation of digital signature related products and services within the
Internal Market as well as the development of new economic activities
linked to electronic commerce. In order to stimulate electronic commerce
and the competitiveness of European industry, to abolish obstacles to free
circulation and to facilitate the use of digital signatures across national
borders, a common framework at Community level is urgently needed and
should be put in place at the latest by the year 2000.

1.2. Scope of a Community framework

The goal of any Community initiative must be to encourage Member States
to rapidly implement appropriate measures to build trust in digital
signatures. The Commission therefore considers proposing - in the context
of the Amsterdam Treaty - first pillar legislation on the basis of this
Communication. The following steps would be necessary from the
Commission's point of view:

(I) Common legal requirements for CAs

Common European certification requirements are crucial. By establishing
defined common criteria for the activities of CAs, the Community could put
in place a framework ensuring that certificates issued by a CA in one
Member State are recognised in all other Member States. A Community
framework would have to refer particularly to the setting of common
requirements for the establishment and operation of CAs allowing for the
co-existence of licensed and non-licensed CAs. Common classes of
certificates may also be needed so that the levels of assurance and trust for
certificates are the same in all Member States. Detailed implementation and
the means of applying such rules (licensing regime, self-certification) would
be a matter for Member States to decide.

To support international mutual recognition of digital signatures the
Commission will furthermore identify the need for common technical and
operational requirements as well as common evaluation criteria and
procedures, including standards, concerning digital signature products.

(II) Legal recognition

In order to achieve the widest possible acceptance of digital signatures,
national legal systems may need to be adapted to ensure that they offer the
same recognition and treatment to digital signatures as to conventional
signatures.

The Commission will complete its currently ongoing assessment of the need
to provide for the legal recognition of digital signatures at Community level.
It will also take into account the different national provisions (form
requirements, evidence rules) that inhibit the full exploitation of digitally
signed electronic documents, on the basis of which further proposals for
action will be made. Legal form requirements and the validity of signatures
as evidence in legal proceedings should rapidly be submitted to examination
by justice ministers.

(III) International co-operation

Electronic communication is not limited to the European Union. Therefore -
where appropriate - a framework must be developed at an international
level once a Community position has been established. This requires
participation of Europe (both at Community and at Member State level) in
international initiatives and fora.

Many international initiatives have been launched at different levels.
Bilateral (EU/US, EU/Japan) and multilateral (e.g. UNCITRAL [United
Nations Commission on International Trade Law]) discussions have
started. UNCITRAL has completed the work on a Model Law on Electronic
Commerce and has recently initiated subsequent work aiming at the
preparation of uniform rules on digital signatures and the related
(cross-border) services (CAs). Work in the OECD based on the Guidelines
for cryptography policy is continuing. Other international organisations,
such as the WTO, may become involved with regard to avoiding trade
obstacles and other aspects related to their specific area of competence
and expertise.

In the United States [An update on the status of US legislation can be
found on http://www.mbc.com/ds_sum.html] almost all States have either
started working on or already have legislation on digital signatures.
Agencies, such as the Food and Drug Administration, are promulgating
regulations specific to their area of responsibility
[http://www.fda.gov/cder/esig/part11.htm]. At the federal level, Congress is
considering several legislative initiatives. In Japan, some technical and
regulatory activities in the area of authentication and electronic transactions
have been launched earlier this year.

At the business level the American Bar Association produced the "Digital
Signature Guidelines" and the Internet Law and Policy Forum (ILPF) is
working on the role of CAs in consumer transactions.

In view of these world-wide activities the Commission recommends that the
Community continue and initiate dialogues at the international level. The
goal must be to remove existing obstacles in order to create an
internationally compatible framework for electronic commerce, in particular
to establish common technical standards and mutual recognition of
certificates.

2. Policy orientations in the area of encryption

(I) The EC Treaty and the Treaty on the European Union fully respect the
competence of Member States with regard to the areas of national security
and law enforcement. If national restrictions are put into place they have to
be compatible with Community law. Therefore the Commission will examine
whether national restrictions are totally or partially justified, notably with
respect to the free circulation provisions of the Treaty, the case law of the
Court of Justice and the requirements imposed by the Data Protection
Directive.

- National restrictions must respect the principle of proportionality (be
  appropriate, effective and not go beyond what is necessary for
  attaining the objective pursued).
- Member States already have to communicate to the Commission and,
  through it, to the other Member States their intended technical rules,
  the observance of which is compulsory, de jure or de facto, in case of
  marketing, use, manufacturing or importation of a product, including
  cryptographic products [Council Directive 83/189/EEC, 28.3.83 laying
  down a procedure for the provision of information in the field of
  technical standards and regulations; OJ L109, 26.4.83]. This
  procedure enables the Commission, and the Member States, to
  identify those rules which, once adopted, will create Internal Market
  obstacles, and to take appropriate action, either by issuing comments
  or a detailed opinion or by proposing Community measures.
- It will be important to distinguish "authentication and integrity services"
  from "confidentiality services", because, as identified above, these two
  aspects are subject to different rules and goals.

Potential impacts on trade and competitiveness will also be important
considerations.

(II) The Dual-Use Regulation should be adapted in view of the requirements
for the cryptographic products market. Article 19, which imposes national
controls, also contains a provision to re-examine the need for these controls
within three years from the date of entry into force of the Regulation (by the
end of 1997).
Therefore, when the Dual-Use Regulation is reviewed it could be improved
by:

- progressively dismantling intra-Community controls on commercial
  encryption products (i.e. not necessarily for very advanced
  encryption);
- launching a discussion on the scope and interpretation of certain
  provisions, such as the so-called "General Software Note" (stipulating
  that public domain software is not subject to controls);
- dealing with problems like intangible means of transmission (e.g.
  transmission of technology by fax or e-mail).

(III) To create an appropriate and balanced regulatory framework within the
Community, the Commission invites Member States to enhance
co-operation of police forces at European and international level, and
supports them in doing so.

(IV) Given the global dimension of electronic communication and commerce,
international agreements may be necessary between the Community and
other countries, once a harmonised system has been put in place. The goal
must be to remove existing obstacles in order to create an internationally
compatible framework for electronic commerce, in particular to establish
common technical standards and mutual recognition of certificates.

(V) The Council is also invited to initiate a debate on encryption issues.

3. Accompanying measures

(I) Interoperability

Interoperability between different encryption and digital signature
applications and systems is absolutely necessary to ensure that they can
be applied in and outside Europe. Interoperable services are mostly
achieved through agreed standards, including test criteria and procedures,
covering protocols, data formats and program interfaces.

By using agreed protocols and data formats it is not necessary to develop
gateway services or conversion programs changing one format to another.
Interoperability in a broader sense also means that application solutions can
be moved from one type of software and hardware environment to another
(portability) and that users can move from one place to another and still
access the same trusted services (mobility).

Examples of work on standards:

- The most widely known format of certificates is X.509 v3 [The v3
  version has built-in additional extension fields, which can convey
  additional subject identification, key attribute or policy information. It is
  still necessary to specify a profile for use of the extensions tailored for
  the Internet].
- The Secure Electronic Transactions (SET) standard is a protocol used
  by industry and designed to safely transmit sensitive personal and
  financial information over public networks.
- At the international level, the Internet Engineering Task Force (IETF)
  [Public-Key Infrastructure (X.509)], ISO/ITU [X.500 and ISO 9594
  series] and the World Wide Web Consortium (W3C) [W3C Digital
  Signature Initiative] are working on standards concerning public key
  infrastructure, certificates and digital signatures.

In order to meet the legal and market requirements, technical and
management standards developed in an open, market-driven manner are
needed to support interoperability. Management standards can be helpful
for the operation of CAs. Technical standards are for instance necessary for
digital signature and certificate formats as well as for time-stamping
services and smart cards. Standards must correspond to the best current
practice.

The Commission encourages industry and international standards
organisations to develop technical and infrastructure standards for digital
signatures and encryption to ensure secure and trustworthy use of
networks and respect privacy and data protection requirements [see Bonn
Ministerial declaration, footnote 5]. The Commission will consider specific
mandates on standardisation and will propose, in close co-operation with
the Member States, industry as well as the user community (business,
consumers, citizens) measures which will support the work in this field.

(II) Support programme

The Commission is ready to support the development of cryptographic
services; in particular, it is considering proposing a Council and Parliament
Decision for an INFOSEC II programme building on the INFOSEC
programme carried out from 1992 until 1994. The programme could aim at
developing overall strategies for the security of electronic communication, in
particular with a view to providing users and producers of electronic
communication with appropriate protection systems.

(III) Research projects

The Commission will continue the current projects in the field of digital
signatures and encryption within the 4th framework programme for
Community activities in the field of research and technological development
(1994 - 1998) [see Annex IV for a list of ongoing projects] and will launch
new projects within the 5th framework programme (1998 - 2002). Notably
the proposal for the 5th framework programme foresees a key action on
electronic commerce. Special importance will be attached to techniques
aiming at interoperability and enhancing privacy, to stimulating best practice
and encouraging its widescale deployment.

(IV) The use of digital signatures and encryption by public authorities

In the near future, government administrations will use digital signatures
and encryption for internal purposes or in their relations with business and
citizens. Such use may require adaptations to national as well as
Community laws, regulations and administrative procedures. The first
Community Regulation [Council Regulation (EC) No 1290/97, 27.6.97
amending Regulation (EEC) No 1408/71 on the application of social security
schemes to employed persons, to self-employed persons and to members
of their families moving within the Community and Regulation (EEC) No
574/72 laying down the procedure for implementing Regulation (EEC) No
1408/71, OJ L 176, 4.7.97, p. 1; insertion of a new paragraph in Article 85
ensuring that documents exchanged by electronic means are given the
same status as paper documents] has been modified in order to allow the
use of digitally signed electronic documents. The impact of national
measures has to be monitored in order to identify problem areas which may
require a Community intervention. The Union's institutions will also use
digital signatures [SINCOM, the budget management application of the
Commission, introduces smart cards for digital signature purposes] and
encryption.

(V) European Internet-Forum

The Commission will create by the end of 1997 an electronically based
European Internet-Forum as a means to exchange information on the
regulatory and user aspects of digital signatures and encryption.

(VI) International hearing

The Commission intends to organise at the beginning of 1998 a hearing on
the topic "digital signature and encryption". The aim is to consult
governments, industry and consumers on which measures they feel the
Community should take into consideration in order to:

- enhance the trust in legally valid and user-friendly digital signatures as
  well as in secure communication;
- abolish identified Internal Market obstacles related to the provision and
  free circulation of cryptographic goods and services;
- provide adequate protection of the privacy of individuals and their
  personal data.

4. Timeframe for Community action

4.Q./1997: European Internet-Forum

4.Q./1997: Commission proposal to amend the Dual-Use Regulation

1.Q./1998: International hearing

1.Q./1998: Assessment of the comments on the Communication, the results
of the Internet-Forum and the international hearing

2.Q./1998: Proposal for further action (e.g. Directive on digital signatures)

2.Q./1998: Proposal for an Infosec II programme

1998-2002: Projects within the 5th framework programme

by 2000: Common framework for cryptography put in place throughout the
Union

Last modified: 07.11.97