The Security Aspect

(a) Initiatives by International Organisations

Many countries have begun to enact laws related to digital signatures. Many others are contemplating laws along these lines. UNCITRAL (United Nations Commission on International Trade Law) is working on a model digital signature law.

On March 27, 1997, the Organisation for Economic Co-operation and Development (OECD) adopted certain guidelines concerning cryptography. The OECD comprises industrialised countries, including Australia, Canada, European Nations, Japan and United States. The guidelines aim at promoting the use of cryptography. The guidelines list the following important points:

  • Trust in Cryptographic Methods: Cryptographic methods should be trustworthy in order to generate confidence among the users of information and communications systems.

  • Choice of Cryptographic Methods: Users should have a right to choose any cryptographic method, and this should be subject to the relevant law.

  • Market Driven Development of Cryptographic Methods: Cryptographic methods should be developed in response to the needs and demands of individuals, business houses and Governments.

  • Standards for Cryptographic Methods: Technical standards, criteria and protocols for cryptographic methods should be developed and promulgated at the national and international level.

  • Protection of Privacy and Personal data: The fundamental rights of individuals to privacy, including secrecy of communications and protection of personal data, should be respected in national cryptography policies and in the implementation and use of cryptographic methods.

  • Lawful Access: National cryptography policies may allow access by lawful means, to plain text, or cryptographic keys, of encrypted data.

  • Liability: Whether established by contract or legislation, the liability of individuals and institutions that offer cryptographic services should be clearly stated.

  • International Co-operation: Governments should co-ordinate cryptography policies. Governments should avoid creating unjustified obstacles to international trade in the name of enforcing cryptography policy.

(b) Initiatives by the United States of America

Many states in the US have either enacted or proposed legislation on digital signatures. The Utah Digital Signature Act of 1995 provides a legal framework for the use of cryptography as a tool for data authentication purposes. Other states including Georgia, Florida, Hawaii, Oregon, Washington and Wyoming have enacted similar bills. California and Arizona have passed digital signature legislation enabling electronic transactions with state enterprises. Minnesota has established licensing criteria for Certification Authorities and defined their legal responsibilities to third parties. Nevada has enacted a law authorising the use of electronic symbols as a substitute or supplement for certain signatures.

The Department of Commerce is responsible for licensing cryptographic devices used for Data Authentication, Access Control, Proprietary Software, Automatic Teller Machines (ATMs) etc.

The US Government has prepared a policy paper for global electronic commerce, entitled 'A Framework for Global Electronic Commerce'. This paper defines strategies to help accelerate the growth of Global Commerce through the Internet. As a part of this policy paper, the US Government has taken upon itself the initiative to permit companies to export encryption products using the 56-bit Data Encryption Standard (DES) or an equal algorithm.

No essential lengths or algorithm restrictions have been imposed on the export of key recovery products. Nevertheless, such key recovery products would enable Government access to encrypted data, collected during legally authorised crime investigations. Domestic use of key recovery will be voluntary; any American will remain free to use any encryption system domestically.

(c) Initiatives by the European Union

The European Commission has launched a Study on the Legal Aspects of Digital Signatures. The study, when completed, will spell out an overview of the policies of the European Union. The study is also supposed to provide an insight into the existing rules, regulations, and de facto practices concerning digital signatures and enable envisaging new rules, regulations and practices among the Members of the EU and its main trading partners.

(d) Initiatives by the G-7 Countries

The Information Technology Association of Canada, the European Association of Business Machines and Information Technology Industry (EUROBIT), the Japan Electronic Industry Development Association (JEIDA) and the Information Technology Industry Council of the United States have jointly identified 'Data Security and Privacy' as the most important parameters upon which the Global Information Infrastructure (GII) should be built. This factor has been pointed out in a paper prepared in January 1995 in connection with a meeting of the Group of Seven countries (Canada, France, Germany, Italy, Japan, United Kingdom and United States). The paper emphasized that effective implementation of GII will necessarily require use of cryptographic technology. The paper prepared by G-7 countries suggests the following:

  • Governments, industry and users must agree on the cryptographic techniques and products to be used in the Global Information Infrastructure. There should be consensus on the procedure for verifying that these techniques/products conform to the standards so agreed.

  • The agreed techniques and the agreed verification procedures must be made public.

  • The agreed techniques must be based on private sector-led, voluntary international standards arrived at by consensus.

  • The products conforming to the agreed techniques should be free from import controls, legal restrictions on their use, and licencing restrictions.

  • The products conforming to the agreed techniques should be exportable to all countries, except those which are subject to a UN embargo; and

  • Users and suppliers of products conforming to the agreed techniques should be free to make technical and economic choices about modes of implementation and operation. The choice of suitable hardware and software should also be allowed.
