- Welcome and Introductory Remarks
Seiichi Shimada, Senior Executive Managing Director and Chief
Information Officer, Mitsui & Co., Chairman, Information Industry
Group, Keidanren
Keidanren regards e-commerce as an important vehicle for promoting
structural changes and as a promising source of new opportunities. In
July 1999, Keidanren compiled proposals and recommendations for the
promotion of e-commerce, which were distributed to workshop participants.
In trying to develop an environment for e-commerce, Keidanren has worked
on proposals and received comments from those concerned.
Electronic signatures and electronic authentication have drawn
attention as a means to confirm identity of users of the communications
network. To enhance the future of e-commerce, digital signatures need to
have the same effect as both handwritten signatures and the signature
seals, which are common in Japan. We need a system that is
technologically neutral to facilitate low-cost and convenient electronic
authentication, flexible enough to permit use with a wide variety of
technologies and by many businesses, and also that is open to
alternatives. Access should not be restricted.
It is symbolic that this forum is held today because today, in Japan,
draft electronic authentication legislation, promoted under the auspices
of the Ministries of Justice, International Trade and Industry, and Posts
and Telecommunications, was announced for public comment.
With this background, ILPF has been active with respect to legal and
policy aspects, and Keidanren is fortunate to be able to jointly sponsor
this event with them. We are fortunate to have so many eminent experts
from Japan, the United States and Europe, from the public and private
sectors, and many who have traveled a great distance to participate.
Several people who could not attend will be able to participate by video
and telephone. ILPF’s activities are very well known and I give my best
wishes for its future success.
- Current Legislative Trends and Government Involvement
T. Ishida, Senior Chief Researcher, Mitsubishi Electric Corp., Moderator
Mr. Ishida introduced the panelists throughout the afternoon.
Ryozo Hayashi, Director-General for Machinery and Information
Industry Policy, Japan Ministry of International Trade and Industry
("MITI")
Today, the Ministry of Posts and Telecommunications ("MPT"),
the Ministry of Justice, and MITI have unveiled proposed legislation on
electronic signatures for public comment. The proposal contemplates that
electronic signatures will be used for e-commerce on the Internet.
Electronic representation of the intent of parties to a transaction
through electronic media must be given legal effect. In the case of paper
contracts, a seal or written signature is required. No matter what the
legal system, some benchmark is used to measure the validity of the
signature or seal. Certain systems are prone to repudiation or
falsification. An information system must confirm authenticity and
validity of content. In Japan seals are generally used, but are not
required to make a contract valid. The seal only gives a factual
presumption of validity. In practice, however, seals are used routinely
for paper contracts, and, thus, the stability of transactions is secured.
In the United States, Europe, and other Asian countries, efforts have
already been underway to create a legal framework for electronic
signatures. It is against this backdrop that the work in Japan has
developed. There are three concerns involved in the authentication of
electronic transactions. First, in Japan, seals, which give presumptive
validity to contracts, are used. While, unlike in other systems where the
documentation is a requirement for the validity of a contract, in Japan it
is the mere intention of the parties that makes a contract valid. Thus,
there is no special need for legal recognition of electronic
signatures. However, to give assurance to the Japanese people and to lend
credibility to electronic contracts, the presumptive effect given to seals
should also be given to electronic signatures. Second, because the
Internet lends itself to global transactions, there should be common
features (but not necessarily identical ones) among individual legal
systems to facilitate mutual recognition. Japan should study foreign
systems to make its system compatible. Third, in terms of further
development, restrictions should be kept to a minimum to facilitate the
development of technologies and systems by the private sector. In Japan,
private certification authorities have been active in the authentication
of electronic transactions. In some other systems, the state takes an
active role in the accreditation process. The Japanese government
believes that there is an appropriate role for government, however, we
must think about the expansion of user choice and broadening the
possibility of technological advancement. Thus, private certification
bodies must be left with the choice of whether the state will provide
accreditation. Under the principles of the Japanese Civil Procedure Code
if a court determines that while accreditation has not been given, the
transaction has not been repudiated, and the parties have expressed their
agreement, then the contract will be deemed valid. This is similar to the
treatment given faxes and other messages. Within the Japanese legal
structure, the above-described system can take into account the
development of technology and increased demand in this area.
Kanichiro Aritomi, Director-General for Telecommunications
Business Telecommunications Bureau, Japan Ministry of Posts and
Telecommunications ("MPT")
MPT also thinks that electronic authentication is positioned as a sort
of infrastructure for electronic commerce on the Internet. From the
telecommunications authority perspective, the Internet poses the following
challenges: expense, delay, and risk. As for expense, MPT is making
efforts to realize low and flat-rate systems for Internet use. The
development of high-speed routers and low-rate services has been
encouraged. What is important is to ensure security, the main topic of
today’s workshop. Because the Internet has an inherent open quality,
security is of special concern. To provide secure and stable electronic
activity on the Internet, the identity of the parties and integrity of the
contents of the transactions must be ensured. Already, private
authentication bodies are utilizing encryption and other authentication
systems, however, no legal system has yet been established. The Ministry
of Justice has considered the legal implications under the Civil Procedure
Code and has decided on a direction to take. Internationally, many
countries have already instituted legislation governing electronic
signatures and authentication, and personally, Mr. Aritomi felt that Japan
was only lagging slightly behind other countries. The Japanese government
feels that it should institutionalize electronic authentication, and MPT,
MITI, and the Ministry of Justice have played a central role. Proposed
legislation will be introduced to the next ordinary session of the Diet
next year. Previously, it would have been unthinkable for these
ministries to be working together. The ministries look forward to
constructive public comments, specifically with regard to: (1)
international consistency to facilitate mutual recognition; (2)
technological neutrality (e.g., rather than promotion of open-key
technology); (3) Internet crimes (e.g., electronic fraud) (some have
called for police supervision, but Mr. Aritomi commented that since the
government is emphasizing private sector development it is reluctant to go
in this direction.)
Elliot Maxwell, Special Advisor to the Secretary for the Digital
Economy, U.S. Department of Commerce
Mr. Maxwell commented on the progress that has been made in Japan, as
shown through the proposed legislation. In the United States, the reasons
people do not participate in electronic commerce are: (1) they are
concerned that they do not know with whom they are communicating; (2) they
are concerned that the information transmitted not be tampered with; (3)
they are concerned with how the information will be used; and (4) they are
concerned that they will be treated fairly by other parties, and if not,
that there are some means of redress. The notion of trust is reflected in
these four concerns. These issues must be resolved to allow e-commerce to
flourish. The United States has the highest rates of participation in
e-commerce, but growth will be limited unless we all participate together
so that everyone can have access to the tools of e-commerce.
The United States government is trying to deal with these concerns in
parallel. First, in terms of privacy, the government is encouraging the
private sector along the lines of the OECD principles on privacy --
choice, security, right of access to information, and redress.
Third-party private sector bodies will provide monitoring. The role of
government should be limited, for example, to regulate medical information
and the privacy of children. Privacy is a critical concern that must be
addressed to promote consumer trust. As for consumer protection, the
government should be involved to ensure the rules apply. The Internet is
not the "Wild West" -- we have to make sure that the rules take
the Internet into account. We must try to make the Internet more secure
and more useful than physical methods. In terms of providing information,
this includes information such as comparison shopping, warranties, order
and delivery status, etc.
The United States is also looking to increase reliability and security.
All those who use telecommunications networks and the Internet understand
that reliability and security for one is not the same as for the other.
For example, in the case of electronic securities trading, when networks
go down, we do not see the same growth characteristics as we have in the
past. Reliability issues include addressing who is liable if the network
goes down. As for authentication, the U.S. government looks forward to
reviewing the MPT, MITI, and Ministry of Justice proposal and comments
from others. Joint Japan-United States statements on electronic commerce
and the OECD Declaration on Authentication reflect how closely allied our
views are.
The U.S. view on basic principles is, first, we need to "clear the
underbrush" to "plant seeds" of e-commerce by eliminating
existing legal barriers. Electronic signatures must have the same legal
effect as paper signatures. Second, we must look first to party choice of
means of authentication. The parties can tailor authentication to their
needs. There is no need to have government direct which method to use.
Third, we must have technological neutrality. It has been only seven
years since the first commercial browsers were developed and we do not
want to impede technological development because we are at such an early
stage. Fourth, there should be no discrimination against providers or
technologies and there should be no trade barriers.
It is important to involve the private sector because its members will
be the ones who are primarily engaged in these activities. The role of
government should be very limited. Government does engage in
"e-government" transactions with citizens, thus it should make
its own decisions as a system participant. Government should be humble in
its ability to predict and should not over-regulate and try to fix
problems it cannot foresee -- this can impede the development of
technology. In 1997, we predicted $300 billion in e-commerce in 2002.
Now, we foresee $1.3 trillion in U.S. business-to-business e-commerce and
$100 billion in U.S. business-to-consumer e-commerce because of the
inventiveness of the private sector. Because e-commerce is global, we do
not need the same systems, but interoperable systems. We have been
advocating at UNCITRAL a convention to embody these principals.
Hopefully, we will see them embodied in rules around the world. Through
efforts towards interoperable systems, everyone around the world can
benefit.
Phillipe Paulin ,Counsellor (Economic and Commercial), European
Delegation
Europe is working along the same lines as the United States. Europe
has been behind and is trying to catch-up. The system should be
"lightly" regulated, but consumer protections must be ensured so
that consumers can have confidence in e-commerce. Next week there will be
a joint European and Japanese consumer dialog, at which e-commerce will be
discussed. In Europe there has been a proposal for a directive that would
lay down minimum rules under the EU principle of free movement of goods
and services. The main goals of the electronic signature directive are
to: (1) harmonize national regimes; (2) establish a legal framework for
electronic signatures; and, (3) strengthen confidence in electronic
signatures. In terms of scope, the directive does not call for the
regulation of closed systems, but electronic signatures used on the basis
of private law agreements can benefit from legal recognition. In terms of
market access, providers can offer services without prior authorization
under voluntary accreditation schemes. As for legal recognition, there is
a dual approach: non-discrimination towards electronic signatures, but
advanced electronic signatures would fulfill form requirements under
national laws. The fulfillment of form requirements would be linked to
requirements for certificates and certificate service providers and
signature creation devices. There would be minimum liability rules and
certificate service providers would operate under a principle of
negligence and a revised burden of proof. As for third-country
certificates, there would be non-discrimination. In terms of the time
frame, the Council Common Position was issued on June 28, 1999, the
European Parliament second reading occurred on October 27, 1999, and final
adoption is set for November 30, 1999, with implementation at the national
level planned for 2001.
Richard Schlechter, Detached National Expert, Directorate-General
XIII, European Commission (via telephone)
The directive will be adopted quickly. During the following 18 months,
the next step will be implementation. Most states are already quite
advanced, and Mr. Schlechter expected that the framework will be put into
place soon -- perhaps 50-60% implementation by the beginning to middle of
next year.
John Dryden, Head of Information Computer and Communications
Policy Division, Directorate for Science, Technology and Industry,
Organization for Economic Cooperation and Development (OECD) (via
videotape)
Mr. Dryden assured OECD support for the objectives of the workshop.
OECD is not the only international organization working in this area, but
it plays an important role. The 29 member nations currently account for
most of e-commerce in the world. OECD also has working relations with the
private sector, and a broad mandate to promote economic and social
objectives. OECD is currently working in the areas of consumer
protection, privacy protection, infrastructure development and access,
statistical measurement, etc. In addition to its analytic work, OECD also
promotes various conferences and fora. The Ministerial Declaration on the
Authentication for Electronic Commerce developed at the Ottawa meeting has
served as the basis of OECD’s work. The Declaration provides for
non-discrimination among authentication approaches taken by other
countries and calls for the amendment of media or technology-specific laws
of member countries to avoid impediments to e-commerce. Mr. Dryden
recommended that participants view the OECD webpage at http://www.oecd.org and his email address,
dryden@oecd.org.
Taizo Nakatomi, Principal Administrator, Information Computer and
Communications Policy Division, Directorate for Science, Technology and
Industry, Organization for Economic Cooperation and Development (OECD)
(via videotape)
Mr. Nakatomi described OECD’s current activities. A 2-day joint
OECD-private sector workshop on electronic authentication was held in June
1999 in Stanford, California. Case studies and examples of authentication
systems were presented. No specific conclusions were reached, however, it
was evident that the technology used depends on the application, therefore
the parties should decide which technology to use. Also, a draft of the
Inventory of Activities of Authentication in the Global Network Society
was completed for the Ottawa conference -- a "snapshot" view as
of July 1999 of member countries’ activities in the area of e-commerce.
OECD plans a follow-up study of how member countries have responded to the
Ottawa Declaration and a report to the ministers will be compiled next
year. OECD will not establish guidelines at this time, so as to not
hinder growth.
- Discussion
Mr. Ichikawa
Mr. Ichikawa posed the following questions to Messrs. Schlechter,
Paulin, and Maxwell. For the new system to work, how do you predict risk?
A system based on the experience of trial and error takes too long.
Perhaps the government may be able to provide models to predict prices and
risks?
Mr. Schlechter
We are always skeptical of government taking the lead in this area.
Government is very slow and there is always the question of money. So, if
you only rely on the government, you will be behind the market.
Government can play an important role, however, as has been the case in
Germany, where government projects have been implemented by the private
sector. It is very important for government to promote technology, but
remain technology neutral.
Mr. Maxwell
Mr. Maxwell expressed his skepticism for the ability of government to
predict and formulate an appropriate response in a system about which we
know so little. For example, we could not have predicted e-auctions in
1997. If the government had imposed regulations, it could have hindered
growth and foreclosed the possibility of the millions of transactions now
occurring simultaneously. Instead, we have had the flexibility to respond
to consumer needs. For example, in the auction space we saw an increase
in consumer complaints about buyer and seller behavior. The market
responded by offering insurance, escrow services, reputational forums,
on-line dispute resolution. This was a response by the private sector
within the context of consumer protection laws. It is not possible to
aspire to rules that are exactly alike in the 200+ countries around the
globe, because governments can only apply rules to their small area. The
private sector, however can provide interoperable systems.
Mark Bohannon, Chief Counsel for Technology and Counsel to the
Undersecretary for Technology, U.S. Department of Commerce (via
telephone)
Mr. Bohannan responded to Mr. Katoh’s question regarding the status of
legislation in the United States at the federal level. There have been
two bills introduced in each House of Congress that would act as a
framework for states to implement the Uniform Electronic Transactions Act.
The Administration has expressed serious concerns about the bill passed by
the House of Representatives last week, and issued favorable statements
about a Senate bill, which will not come up for debate again until next
year.
Jun-Ichiro Miyazaki, Director of Computer Communications
Division, Telecommunications Business Department, Telecommunications
Bureau, MPT
Mr. Miyazaki pointed out that, because documentation is not required
for contracts in Japan, there is an argument that electronic signature
legislation was not necessary. Turning to his own experience, he said that
he had been thinking about buying a Volvo when he was stationed in the
U.S. He discovered a Japanese company on the Internet that could make the
necessary arrangements in Japan. Using an Internet map service, he looked
up the address of the company on the Internet and found that the company
was located in a residential area close to where he was going to live.
He saw a photograph of the office on the web, but was not sure that it was
an authentic picture, and so he gave up the idea of buying the Volvo
because there was no way that the company could prove it was authentic.
Thus, the company lost his business. This experience shows how important
it is to promote consumer confidence. Going back to the e signature issue
in Japan, he identified three elements of signature which must all
together be considered in regulation: the identity of the party (who),
what, and the intention to commit a legally significant act.
Fuminori Inagaki, Director, Computer and Communications Policy
Office, Machine and Information Industries Bureau, MITI
Japan, the United States, and Europe have different frameworks,
however, the larger goal of reliability seems the same. First, the basic
point is that electronic signatures should be given the same evidentiary
effect as a handwritten signature or seal and electronic contracts should
be valid and enforceable. Second, in the early stage of development there
should be recognition of all types of technologies. Particularly in the
EU directive, authentication of certification service providers is not
written in the law as a requirement. The same type of thinking is evident
in the Japanese government proposal, but not everyone in the government
shares this view. Third, there should be a predictable framework. In
concrete terms, can we construct a system with all the differences in
countries’ systems and practices? For example, the Japanese government
proposal indicates what kind of signatures should be presumed valid; this
may lead to a predictable framework, but it also may impede technical
advancement. Another approach would be that each case should be brought
to court. However, citizens must view both approaches as predictable and
understandable.
Mr. Maxwell
Mr. Maxwell responded that it is important to look at the Japanese
government’s documents and listen to the comments received in Japan and
from other countries. We need to look at what the appropriate role for
government use is. In the United States, what will the government use for
its transactions with citizens? There are two possible scenarios. First,
there may be a skewing of technology -- by making one technology safe and
squelching another. Second, there may be non-discrimination leading to
removal of trade barriers and no hindrances towards the development of
e-commerce. Interoperability is a necessity and we need to understand
what the appropriate government functions are.
Mr. Paulin
There already is national regulation by Member States, so there is now
a need for harmonization, not just within Europe, but with the rest of the
world.
Nigel Hickson, Head, Information Security Policy, U.K. Department
of Trade and Industry (via telephone)
Mr. Hickson described the proposed United Kingdom electronic signature
legislation published today, to be discussed in Parliament in December.
The bill sets up a voluntary scheme for cryptographic providers. The goal
is to create an industry-led, self-regulatory scheme, that would certify
or approve companies offering authentication services, such as
certification, authentication, and time stamping. The legislation also
provides explicit legal recognition of electronic signatures and no
discrimination between electronic signatures and advanced electronic
signatures. Further, all electronic signatures would be admissible in
court and whether an electronic signature was legally effective would be a
matter for the court to decide. The bill also introduces wide-ranging
power for government departments to permit e-government by recognizing
electronic signatures where there are references in legislation to
signatures or writings. There is the hope that in a few years time that
UK citizens will be able to apply for drivers’ licenses and passports and
file taxes electronically. Legal access to encryption keys was not
addressed in this bill, but will be pursued later this year.
- Expert Panel
Ruth Day, Executive Director, ILPF,
Moderator
Last April, ILPF set forth basic concepts (International Consensus
Principles) (http://www.ilpf.org/digsig/intlprin.htm)
as a framework for legislation that can work across borders: (1) a
minimalist approach to eliminate barriers; (2) respect for parties’
autonomy and freedom of contract -- consumers should be able to choose;
(3) there is a need to make laws for electronic authentication work across
borders, either through harmonization or mutual recognition; (4) avoid
discrimination; (5) technological neutrality, i.e., let the market drive
standards. In April, it was a real challenge to develop these principles.
It was not a matter of automatic agreement. Now, six months later,
however, the principles are not so controversial because all of us realize
the importance of e-commerce. Now any controversy is in the details.
Professor Takashi Uchida, Faculty of Law, Tokyo University
http://www.ilpf.org/events/keidanren/uchida/
There are two main approaches to developing legal systems. One
stresses the removal of legal obstacles (the minimalist approach) and the
other stresses preparing the legal infrastructure (the structural
approach). The minimalist approach allows electronic signatures to
satisfy the traditional legal requirements for written documents, such as
the Statute of Frauds and the Best Evidence Rule in the United States.
The UNCITRAL Model Law of 1996 was promulgated for this purpose. The
structural approach views the proper legal environment as necessary for
secure e-commerce. This view is reflected in the ABA guidelines and many
state laws. Currently, in the United States, the minimalist approach is
stronger, with a focus on technology neutrality, removing legal obstacles,
and placing electronic transactions on the same footing with paper
transactions.
Turning to Japan, there is an absence of the same kind of legal
requirements for written documents present in other systems, so even a
minimalist approach is not necessary. Under the Japanese Civil Procedure
Code's principle of discretion, a judge has the discretion to evaluate
evidence, i.e., there is no absolute requirement that an original document
be produced. Japanese law merely requires intent to form a contract.
However, normally, Japanese contracts are paper-based transactions and
seals (inkan) are very common, and are used to maintain the
security of the transactions. The Civil Procedure Code provides a
presumption of attribution, i.e., documents that are signed and sealed are
presumed valid. Under this provision, seals are, therefore, not an
obstacle to validity. There is no presumption about the identity of the
signator or inkan (seal) holder, merely that the document is
attributable to that person. If someone challenges the authenticity of a
seal, the relying party must prove that the seal was that of the
originator. Thus, there is a high threshold that must be met to use the
presumption.
There is a high degree of security in paper-based transactions,
achieved through inkan registration (where local public offices
issue certificates guaranteeing the identity of a seal-holder) and
commercial registration systems (supervised by the Ministry of Justice).
Perhaps these systems can be used for electronic systems. For example,
the inkan registration system is similar to a digital certification
scheme performed by the private sector with public supervision. In the
case of electronic signatures, an electronic signature with a certificate
attached could have the same effect as an inkan. Further, a court
could permit the signature even if it did not have a publicly supervised
certificate attached. Likewise, a certificate of commercial registration
guarantees the authenticity of a corporate representative. Digital
commercial registration would enable authority authentication via
electronic signature.
In deciding whether to regulate or to liberalize the legal environment,
there are two objectives to keep in mind. First is to remove obstacles to
free transactions. Second, is to create a structure to ensure a high
degree of security in transactions. The trend expressed at UNCITRAL is
liberalization.
Stewart Baker, Attorney at Law, Steptoe and Johnson LLP
http://www.ilpf.org/events/keidanren/baker/
When people say that Japan is lagging behind in terms of e-commerce
legislation, maybe it is a good thing. Now countries and states that
passed the first legislation need to revise their laws. Also, Japan is
really ahead of other countries and states because of the
hanko/inkan system. Americans could not conceive of losing
their signature, but the Japanese could understand "losing" a
hanko or digital signature.
Mr. Baker spoke in detail about the U.S. experience with electronic
signature laws. In the first stage, there were prescriptive legislative
solutions (e.g., ABA, Utah, Washington). The assumption in these cases
was that everyone could rely on these laws, but the difficulty is that the
laws only apply in a small part of the world, however, e-commerce is
global. In the second stage, there were private authentication agreements
(e.g., credit card agreements). These agreements worked because of the
experience with agreements among banks and merchants, rather than laws.
Perhaps, there could be a global system for agreements. In the third
stage, there developed "iatrogenic" (second generation)
problems. Will prescriptive rules invalidate contracts? Next will be the
rise of consumer protection.
The following issues arise from the U.S. experience (Prof. Uchida
raised these as minimalist questions): (1) is an electronic signature
admissible in court proceedings?; (2) does it satisfy signature
requirements?; (3) will contracts about electronic signatures be
enforced (curing iatrogenic illness); (4) will strong technologies get the
benefit of special presumptions?; (5) what about consumer protection?
In the United States, the Uniform Electronic Transaction Act
("UETA") answers all of these questions: (1) electronic
signatures are admissible; (2) electronic signatures meet signature
requirements; (3) contracts about electronic signatures will be
enforced; (4) no special treatment for special technology, but courts can
take technology into account. UETA has been enacted in California. It has
been amended to take more care of consumers.
Although, this area is usually a matter of state law, the U.S. Congress
has the authority to regulate interstate commerce. Congress may adopt
legislation that could preempt state laws. The U.S. House of
Representatives has already passed HR 1714. A U.S. Senate bill is now
being delayed by some senators. These federal bills are similar to UETA
and provide that: (1) electronic signatures are admissible in court; (2)
electronic signatures satisfy signature requirements; (3) contracts
about electronic signatures will be enforced; (4) there are no
special presumptions for strong technology; (5) consumer protection
concerns have caused amendments.
Mr. Baker had the following questions for the Japanese participants:
(1) what assurances are there that all electronic signatures could be used
in Japanese (Prof. Uchida said that would not be a problem)?; (2) what
assurances are there for a global system using authentication that
contracts will be honored?; (3) What is the purpose of the presumption of
validity under the Japanese Civil Code ? Is it designed to give the same
power to an agent as to a principal, or does it presume that the
hanko belongs to the right person? Will this reason become an
excuse for unneeded or excessive regulation (which may be expensive)?
Even the best technology does not tell what is in someone’s head or give
the same moment of pause to appreciate the meaning of a signature or
hanko; (4) Will electronic signatures be more regulated than
hanko? Does the government regulate the uniqueness of
hanko? Does the government regulate who sells hanko? If
not, why make those requirements for electronic signatures?
Christopher Kuner, Attorney at Law, Morrison and Foerster LLP
http://www.ilpf.org/events/keidanren/kuner/
There has been an explosion in the last few years of legislative
interest in electronic authentication. This trend began in the United
States with the Utah Digital Signature Act of 1995. A number of countries
have passed or are considering some form of legislation or regulation.
There have been different areas of activity in this field: national
legislation, national administrative regulation, state regulation in
federal systems, and international organizations.1
Legislation has been enacted in almost every region in the world. In
Asia, Malaysia passed the Digital Signature Act of 1997, Singapore, the
Electronic Transactions Act of 1998, and South Korea has passed
legislation in 1995 and 1999. In Europe, Germany passed the Digital
Signature Law of 1997, Italy passed legislation in 1997, as did Austria in
1999. In North America, there has been legislative activity in almost
every state of the United States since 1995. Finally, in South America,
Argentina has issued various government decrees in 1997 and 1998, and
there are draft bills in Columbia, Ecuador, and other countries.
The ILPF surveys reveal a typology of legislation. First is the
"prescriptive approach" which limits the use of digital
signatures within a public key infrastructure (e.g., Argentina, Germany,
Italy, Malaysia, and Utah). Next, there is a "two-tiered"
approach where basic legal benefits are accorded all electronic
authentication mechanisms, but broader benefits are given to
"approved technologies" (e.g., Illinois, Singapore). Finally,
there is a "minimalist approach," which offers no detailed
standards, but focuses on granting basic legal recognition (e.g.,
Australian initiatives, many U.S. state laws).
The following lessons are to be learned. First, most legal rules for
handwritten signatures also work well for electronic ones. Second,
specific legal rules for electronic signatures, (e.g., for liability and
evidentiary presumptions) should be enacted with caution. Third, fixing a
technical standard, even if "voluntary," holds dangers.
Fourth, federal systems and international entities (e.g., the United
States and the European Union), have more difficulty in reaching
consensus, but their variety of approaches may ultimately prove an
advantage.
Mr. Kuner recommended the following Internet resources. For surveys:
ILPF Survey of International Electronic and Digital Signature Initiatives,
http://www.ilpf.org/digsig/survey.htm;
ILPF Survey of U.S. State Electronic and Digital Signature Legislative
Initiatives, http://www.ilpf.org/digsig/update.htm.
For collections of national materials: International, http://cwis.club.nl/~frw/people/hof/DS-lawsu.htm;
Germany, http://www.kuner.com; and the
United States, http://www.mbc.com/ecommerce.html.
- Discussion
Moderator, Ruth Day, Executive Director, ILPF
Ms. Day asked whether governments holding off in the development of
legislation might be an advantage, i.e., the early legislative efforts now
have to be reconsidered in light of technological developments?
Mr. Hickson
Perhaps the first person did get it wrong, but hopefully we are now
seeing the necessity for some regulation at a minimum. We have to be
careful in drafting legislation not to be too technology specific. The
German authorities are now realizing this and are currently amending their
legislation. In the United States, some of the early laws are now being
amended. Second, the EU directive can be a force for good or bad. Now we
have an agreed-upon directive, but that is not the end of the story. The
directive needs to be implemented in a liberal way.
Mr. Miyazaki
Lagging behind might be an advantage. While the U.S. approach is like
Homer’s Iliad, the Japanese approach is like haiku (short
Japanese poem with 17 syllables). One source of debate within the
Japanese government was how to achieve mutual recognition. Perhaps Japan
should import some ideas from the Iliad system to the haiku
system. Writing the Japanese policy in such detail may make it easier for
the United States and Europe to understand. The Japanese approach is
similar to UETA -- a digital signature can be proven by the efficacy of
the signature method, e.g., cryptography. However, in Japan, the
signature can be also proven by use of the presumption. However, Mr.
Miayzaki was not sure if the presumption was "too good". In the
case of expensive transactions, you must use a seal carefully, but Mr.
Miyazaki was not sure if the same can be conveyed electronically.
Further, the presumption is that the signature represents the party’s
intent to bind himself to an agreement, but it does not necessarily verify
the identity of the signer.
Mr. Inagaki
In Japan, we do not write down all the rules, but in this case, we
wanted to express our ideas with transparency so that the rest of the
world may understand. The legal presumption addresses the validity of the
contract, not the identity of a party. The seal is a physical
representation of authority, it can be used by anyone, but intent to
contract can only be ascribed to one party. A signature can only be used
by one person. Perhaps, a seal is more powerful than a signature.
Prof. Uchida
The idea of extending the presumption to electronic signatures is
nothing new to Japan or Japanese culture. For example, if I sign a
document, even if it is clear that I physically signed the document, but I
signed it impulsively, or I did not know what was in the document, it
would be difficult to prove that I did not have the intent to be bound.
The presumption embodies common sense and everyday experience, and so
there is no need for excessive regulation in this area.
Mr. Baker
In many cases, the legal presumption given to digital signatures
reflects the need to ensure proper identification of the parties.
However, in the case of Japan, the symbolic value of the signature, i.e.
that this is a serious and important commitment, is reflected in the legal
presumption of validity. Mr. Baker commented that if he were drafting a
regulation, he would ask if the particular technology conveys the
ceremonial weight of the transaction, not just ensures proper
identification.
Mr. Kuner
Mr. Kuner pointed out that the participants discussed hanko a
lot, but questioned whether it was really analogous to electronic
authentication. While hanko are only used for important commercial
transactions, electronic authentication is needed for many uses, such as
when computers talk to each other.
Mr. Miyazaki
The difficulty is that the Japanese legal system is based on both
hanko and handwritten signatures. The problem is that hanko,
handwritten signatures, and electronic signatures are similar, and
yet, different. For example, you cannot put a seal on someone’s picture
but you could have a digital camera which was capable of using a digital
signature to authenticate the picture for use in case of a traffic
accident. Another example, would be in the case of mobile phones, while
the telephone company knows that a particular phone is being used it is
not sure who is using the phone. A biometric system could be used to
verify the identity of the user. The intent of the government’s proposal
is to let the private sector develop these technologies.
Mr. Shima, NEC
Over the past year, GBDe has promulgated nine points in order to
promote e-commerce, and the work of the Authentication and Certification
Issue Group is now available on its home page. These recommendations,
which were submitted to governments, include: (1) the framework must be
secured; (2) legal effect should be given to electronic signatures; (3)
the development and utilization of cryptography should be liberalized; and
(4) private sector competition should be encouraged.
Mr. Yonekura, ECOM
ECOM was started in January 1996 when e-commerce was something about
which we knew little, and ECOM was given the mission to make it possible
by publishing guidelines and making as much information available as
possible. The guidelines reflect self-regulation by the private
sector, private sector-led development, and interoperability with other
systems.
- Closing Remarks
Masanobu Katoh, Chairperson, ILPF
Mr. Katoh was pleased that so many people were able to participate in
the workshop -- 260 participants were registered -- showing a high level
of interest. The workshop is especially timely, as it coincides with the
draft legislation prepared by the Japanese government. It is also
significant that the government has solicited public comment. Further, a
bill on e-commerce has been introduced in the United Kingdom, and a
directive is being developed by the European Union this week. There is
evidently a high level of interest in this topic all over the world.
Because Mr. Katoh lives and works in Washington, DC, he commented that
he is in a unique position to recognize the similarities and differences
between the United States and Japan. In June of this year at the OECD
workshop in Stanford, he spoke about hanko as one of the
differences in legal structure and culture, and about the need to
establish rules that recognize differences. However, he also noted that
there are more commonalties than differences among countries of the world.
Mr. Katoh expressed his thanks to the representatives of the Japanese
government who participated in the workshop. From the macro-perspective,
the Japanese proposal has much in common with other systems. If
regulation is needed, it should be kept at a minimum or provide legal
stability. This reflects a basic understanding that was made clear in the
proposal. This year in Japan we have seen rapid development in the area
of e-commerce. Mr. Katoh commented that he had the impression that Japan
was lagging behind, but it is now moving rapidly forward. Mr. Katoh also
commented that Japan is continuing in communication with the rest of the
world. Japan should not just listen to foreign views, but should send
information abroad to enhance interoperability and global understanding.
The focus on today’s workshop was on electronic signatures and
authentication, but ILPF is also active in other areas, such as
jurisdiction. ILPF has reported on the laws of several countries in the
world. Consumer and privacy protections are hot topics both in Japan, and
internationally, and ILPF hopes to join the international community in
examining these and other important matters.
Finally, Mr. Katoh expressed his thanks to all those people who made
the workshop possible, especially Keidanren who was responsible for the
workshop conference. He also express his thanks to Mr. Maxwell, Prof.
Uchida and the expert panel, Mr. Levinson, Mitsubishi Corp., Nifty,
Fujitsu, and all other ILPF members, and lastly, Ms. Day.
