A Note of Caution on PKI
The UNCITRAL model bases “digital signatures” on public-key cryptography. Public-key cryptography is a mathematical technique that can be used not only to “scramble” messages for confidentiality, but also to sign messages to prove that they came from someone holding a unique key. A public key infrastructure (PKI) is a way to reliably link users and their unique cryptographic keys. The objective is to ensure valid identity in transactions between two parties. One means of doing so is to establish a procedure for storing public keys administered by Certification Authorities (CAs) who seek to ensure that the holder of a key is the person or entity it claims to be. These CAs may be operated by government agencies or private entities. See Sang Young Lee, “Boosting e-Government Through PKI.”
However, creation of a functioning PKI is extremely difficult in practice. Indeed, the vision of a seamless PKI system used for many different e-Commerce and e-Government applications may be an illusion. For the foreseeable future, in most countries, it may be best to think of online authentication like a wallet in the offline world – containing different authenticators (like different cards in a wallet) for different purposes. Moreover, there is growing recognition that the levels of authentication required for many G2B and G2C transactions will be relatively low. Many types of e-Government can be implemented without cryptographically based e-signatures or PKI.
Indeed, the focus on electronic signatures in discussions of e-Commerce and ICT development may have created misconceptions as to the priorities of legal reform necessary to support the Internet, e-Commerce and e-Government. At the least, an early focus on electronic signature laws can be a distraction from more important issues. Worse yet, requirements to use digital signatures in online interactions with government can inhibit the development of e-Government.
An incremental approach might be better suited for emerging economies, emphasizing, first, ensuring that there is no legal bar to the acceptance of electronic documents and, second, allowing businesses to agree among themselves on their own technical standards for entering into contracts electronically. For e-Government applications, governments may experiment with authentication systems (including possibly digital signatures) while refraining from setting up regulatory systems for e-commerce. E-Government policymakers would benefit from further research into the actual experience with implementation of digital signature laws: Where have digital signature laws been successfully implemented? It would also be useful to identify and highlight cases where Transact applications succeeded without a digital signature infrastructure. See James X. Dempsey, “Creating the Legal Framework for ICT Development: The Example of E-Signature Legislation in Emerging Market Economies” (2003).
Identity and Authentication Case Study – New Zealand