OPEN SYSTEMS, FREE MARKETS AND REGULATION OF INTERNET COMMERCE - JANE K. WINN - 72 TULANE L. REV. 1177 (1998)
The term "digital signature" is a term of art used to denote an electronic signature that has been produced through public key cryptography.(79) In order to understand how digital signatures can operate as authentication procedures, it is necessary first to examine the basic functions of public key cryptography and how digital signatures are created.
Cryptography is the process of taking some information (called the plaintext) and passing it through an encryption process to produce an encrypted copy of the information (called the ciphertext) that can be decrypted and restored to the original plaintext through the application of the cipher key.(80)
Modern cryptography is based on encryption algorithms that apply mathematical keys to plain text to produce ciphertext.(81) The strength of a cryptographic key is measured by how hard it would be for an outsider to guess the key from the ciphertext. The longer the mathematical key used, in general, the more secure the encryption system will be from attack by outsiders.(82) The size of a cryptographic key is measured in bits, such as 56 bits or 128 bits.(83) The more samples of ciphertext that are available, the more information the cryptanalyst has to work with in trying to break a key.(84) Thus, an important principle of cryptographic key management is that keys should be retired at regular intervals and replaced with new keys.(85)
There are two main types of cryptography: conventional (also known as secret key or symmetric) and public key (also known as asymmetric or dual key).(86) With conventional cryptography, the same key is used to both encrypt and decrypt a message.(87) The great weakness of conventional cryptography is that the shared key must be kept private. If the sender and recipient of the message are not in direct personal contact, finding a system to distribute the keys securely will present considerable logistical problems. These problems are compounded by the need to retire the keys at regular intervals.
The U.S. military provides an excellent example of the complex logistics necessary to use conventional cryptography successfully. During the Cold War, secret keys were distributed by the U.S. government using couriers that were handcuffed to locked briefcases containing the keys. The couriers had neither the keys to the handcuffs nor the keys to the briefcases. If the courier did not arrive and turn over the contents of the briefcase intact, then the keys it contained would not be put into use.(88)
Such a system is hardly feasible in large-volume commercial contexts. If a single key is needed for each pair of individuals or organizations wishing to communicate securely, then within any large community an extraordinarily large number of keys must be generated and distributed to permit any one individual to communicate with any other individual at will. Development of a strong central administration system that would be necessary for private commercial applications is not likely to be feasible.(89)
Public key or asymmetric cryptography substantially solves the problem of key distribution. Public key cryptography is based on a mathematical breakthrough that permits two different but related keys to be used to encrypt and decrypt messages.(90) One key (known as the public key) can be freely distributed and used by anyone. The other key, known as the private key, must be kept secure. Although the two keys have a mathematical relationship to each other, it is extremely difficult to use one key to guess the other.(91) A public key can be used to send a message to the holder of the private key. The sender is assured that no one other than the holder of the private key will be able to read the contents of the message.(92) Furthermore, the private key can be used to encrypt a message that the public key can be used to decrypt. This use of the keys permits a holder of the public key to be certain that a message came from no source other than a holder of the private key corresponding to the public key used to decrypt the message.(93)
One disadvantage of public key cryptography compared with symmetric key cryptography is that the process of encryption is more computationally intensive because of the complex mathematical algorithms necessary to produce the asymmetric keys. As a result, public key cryptography is not well suited for encrypting large messages. However, in cases where the contents of a message do not require a high degree of confidentiality but an authentication is needed, public key cryptography can be used to produce a "digital signature" that assures the recipient of the authenticity of the message and the integrity of the contents, without the guaranteed confidentiality of the text of the message.(94)
While public key cryptography solves the problem of key distribution because the public key can be published widely and distributed freely without compromising the security of the private key, significant key management problems remain. The most obvious is that the private key must remain confidential to prevent its unauthorized use. Equally onerous is the problem of determining whether a public key is really associated with the person who claims to be its owner.(95) Until a reliable, inexpensive key distribution system that facilitates identification of the private key holder is created, public key cryptography will probably not be very useful in electronic commerce applications.
The problem of reliable public key distribution could be solved by creating a "public key infrastructure." One model of a public key infrastructure is the "web of trust" idea used in PGP, a popular public key encryption program.(96) In building a web of trust, each person may either certify the validity of a key or rely on another trusted party to certify the validity of a key.(97) As more people join the web of trust, the keys of people within the web will be certified by more and more other members of the web, building the trustworthiness of the association between any given public key and the real person who claims to be using it. This model works for loosely interacting communities, such as individuals seeking to protect the confidentiality of their e-mail communications.(98) However, the system is not well suited to the needs of electronic commerce, because determining whether to accept an electronic signature encrypted with a PGP public key requires knowledge of at least one of the certifying parties. Otherwise, there is no way to be sure that all of the certifying parties are not really all the same person trying to perpetrate a fraud.
A more common public key infrastructure involves the use of a certification authority. A certification authority is a trusted third party who is in the business of associating a public key with a particular individual.(99) The certification authority associates an individual with a public key by issuing a certificate that at a minimum contains a copy of the public key in question and the identity of the person associated with it. It may also include information about how long the certificate will be valid or special characteristics identifying the context in which the public key will be used. The certification authority then signs the certificate with its own digital signature.(100) In the ABA Digital Signature guidelines, the party requesting the issuance of the certificate is known as the "subscriber."(101) The person using the certificate to confirm the association between a public key and an individual is a "relying party."(102) Any relying party in possession of the certification authority's public key and the subscriber's certificate can now verify that a message has come from the subscriber of the certificate.
This merely begs the question of how relying parties know that they can trust the certification authority. Another certification authority could be set up to certify the first certification authority, and so on, but ultimately there will be a certification authority that is not certified by any other, known as the root certification authority.(103) What kind of root certification authority will inspire the confidence necessary to make digital signatures a viable authentication procedure for electronic commerce applications remains to be seen. Utah, in response to this perceived problem, enacted digital signature legislation authorizing the state to act as the root certification authority and providing for the licensing of certification authorities by the state.(104)
Building a public key infrastructure requires more than just a credible certification authority issuing certificates. To enhance the value of a certificate, a certification authority will need to provide a mechanism for subscribers to notify the certification authority that the security of the private key has been compromised and the certificate must be canceled. A subscriber should also be able to request the cancellation of a certificate if the subscriber has a policy of retiring key pairs on a regular basis in conformity with sound security practices. In addition, the certification authority will need a mechanism to revoke a certificate if it learns after issue that it was procured by fraud on the part of the subscriber. The certification authority will need to provide a means for prospective relying parties to check whether a certificate is still valid or has been revoked for these or any other reasons. The simplest method for providing this information to prospective relying parties is to create a "certificate revocation list." For a relying party to establish that its reliance was in fact reasonable, it will have to first check the certificate revocation list. If the certificate revocation list is maintained online, the software that verifies digital signatures with reference to certificates can be programmed to check the certificate revocation list at the same time as the comparison of the keys is made and to display an error message if the certificate shows up as revoked.
The certification authority will want to limit its possible exposure to relying parties. One step towards achieving this goal is limiting the operational period of the certificate to a finite period of time. The certification authority may further limit the reasonable reliance of the relying party by specifying limits to the application of the digital signature in transactions. The most obvious reliance limit might be set on the value of the transactions for which the relying party can reasonably rely on the certificate. The policies governing the acceptable use of certificates can be specified in the certificate, and the software used by the various parties could be programmed to accept or reject certificates based on their compliance with certain policies.(105)
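The relying party's checks described in the preceding paragraphs (certification authority signature, operational period, certificate revocation list, reliance limit, then the message signature) can be walked through in code. This is an added example, not part of the original article; the certificate layout, names and values are constructed, and the signature scheme is unpadded textbook RSA over fixed primes, used only so the example runs with the Python standard library and not suitable for real use.

```python
import hashlib
import json
from datetime import date

# Toy textbook RSA (fixed primes, no padding): illustration only, not secure.
def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # (public key, private key)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private_key, data):
    n, d = private_key
    return pow(digest(data, n), d, n)

def verify(public_key, data, signature):
    n, e = public_key
    return pow(signature, e, n) == digest(data, n)

def canonical(body):
    # Stable byte encoding so issuer and relying party hash identical bytes.
    return json.dumps(body, sort_keys=True).encode()

def issue_certificate(ca_name, ca_private, subscriber, subscriber_public,
                      serial, not_before, not_after, reliance_limit):
    # Hypothetical certificate layout: the minimum fields the text describes.
    body = {"issuer": ca_name, "subscriber": subscriber,
            "public_key": list(subscriber_public), "serial": serial,
            "not_before": not_before, "not_after": not_after,
            "reliance_limit": reliance_limit}
    return {"body": body, "ca_signature": sign(ca_private, canonical(body))}

def relying_party_check(cert, ca_public, crl, message, signature, amount, today):
    body = cert["body"]
    # 1. The certificate must carry the certification authority's signature.
    if not verify(ca_public, canonical(body), cert["ca_signature"]):
        return "reject: certificate not signed by trusted CA"
    # 2. The certificate must be within its operational period.
    start = date.fromisoformat(body["not_before"])
    end = date.fromisoformat(body["not_after"])
    if not start <= today <= end:
        return "reject: outside operational period"
    # 3. The certificate must not be on the revocation list
    #    (a plain set of serials here; a real list is itself signed by the CA).
    if body["serial"] in crl:
        return "reject: certificate revoked"
    # 4. The transaction value must not exceed the stated reliance limit.
    if amount > body["reliance_limit"]:
        return "reject: amount exceeds reliance limit"
    # 5. Only now is the message checked against the subscriber's public key.
    if not verify(tuple(body["public_key"]), message, signature):
        return "reject: message signature does not verify"
    return "accept"

def demo():
    # Constructed keys and data; the primes are known Mersenne primes.
    ca_pub, ca_priv = make_keypair(2**107 - 1, 2**127 - 1)
    sub_pub, sub_priv = make_keypair(2**61 - 1, 2**89 - 1)
    cert = issue_certificate("Example CA", ca_priv, "Alice Subscriber", sub_pub,
                             1001, "1998-01-01", "1998-12-31", 5000)
    order = b"Purchase order 17: 40 widgets"
    sig = sign(sub_priv, order)
    today = date(1998, 6, 1)
    altered = dict(cert, body=dict(cert["body"], subscriber="Someone Else"))
    return {
        "valid": relying_party_check(cert, ca_pub, set(), order, sig, 1200, today),
        "tampered_message": relying_party_check(
            cert, ca_pub, set(), b"Purchase order 17: 4000 widgets", sig, 1200, today),
        "revoked": relying_party_check(cert, ca_pub, {1001}, order, sig, 1200, today),
        "over_limit": relying_party_check(cert, ca_pub, set(), order, sig, 20000, today),
        "expired": relying_party_check(
            cert, ca_pub, set(), order, sig, 1200, date(1999, 2, 1)),
        "altered_certificate": relying_party_check(
            altered, ca_pub, set(), order, sig, 1200, today),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

A valid message signature alone is not enough for acceptance: four of the five rejected cases carry a signature that verifies under the subscriber's key and are turned away by the certificate checks.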
Certification authorities may establish different policies and procedures for associating individual persons with online identities. Certification practice statements that are disclosed to subscribers and potential relying parties provide certification authorities with a mechanism to explain the procedures that the certification authority will use in reviewing certification applications and issuing certificates. The certification authority may establish different classes of certificates with different prices and different degrees of scrutiny applied in reviewing the application.(106)
Even when digital signatures are used within a system that includes a fully operational public key infrastructure, it is unclear whether in practice such a system will meet the needs of parties to online commercial transactions. An authentication procedure that securely binds the operation of an encryption program located on a specific machine with an online identity would not be as useful to a prospective trading partner as an authentication procedure that binds a human being that can be held legally accountable for his or her actions to an online identity. The binding of a human being to the software program that manages the digital signature technology is a problem that has not yet been widely addressed, because most commercial applications of digital signature technology were still in development by early 1998.
PGP, a digital signature program that has been widely available in one form or another since the late 1980s, uses a "pass phrase" as an authentication procedure to grant access to the digital signature program. A pass phrase may be longer than a password, such as the standard eight character passwords used in UNIX operating systems, and therefore may be harder to guess; however, any PIN, password, or pass phrase remains susceptible to brute force attacks in which a computer is programmed to try all possible combinations until it has been guessed. If the password is stored in encrypted form, the brute force attack will take longer but is still possible if the attacker has access to the encryption algorithm used to encrypt the password. If a password is written out and found by the interloper, or is disclosed to the interloper over the telephone in what the user thinks is a conversation with a system administrator, a brute force attack is not necessary.
The Counsel Connect online service for attorneys began making PGP 5.0 available to its subscribers without additional charge in 1997. This version of PGP used only an eight character password to safeguard the private key. This digital signature program has a user-friendly interface designed to make encryption easier for users to add to their e-mail messages sent from the Counsel Connect server, yet the interface of this program provides limited guidance on maintaining the security of private keys to new users unfamiliar with the problems of computer security. The key generation module of the program contains virtually no information whatsoever on computer security issues; the help module of the program provides some help if the user knows enough to seek its guidance on how to protect private keys.(107)
If, within a computer, the private key that generates the digital signature is stored in the same location as the digital signature application, then an interloper who has access to that location of the password also has the ability to execute unauthorized digital signatures. There are several methods by which an interloper might gain access to a digital signature application without the legitimate user's knowledge.(108) Perhaps the most obvious is when a service technician is given access to the computer. There also is the possibility of a "rogue applet"(109) entering the user's computer through a network connection.(110) Such a rogue applet might be programmed to copy certain files and upload them to a remote location without the local user's knowledge. In addition, software support companies are developing technology that either captures large amounts of information off the local user's computer and transmits it back to the software support company's system or that permits the software support company's system to take over the local user's machine entirely.(111) Uploading information about the local machine's configuration will permit the support provider to diagnose and solve problems more easily, which is a perfectly legitimate business objective given the virtually infinite variety of different applications and peripherals that might be part of the local user's system. However, the programs that upload this information are not currently designed to inform the local user what information is being uploaded or to prevent the transfer of information that the user might wish to protect.(112) Similarly, applications that grant root access on the local computer to the remote service organization do not have any mechanism for the local user to review or stop the actions of the remote service organization.
Many of these security risks can be controlled by storing the private key off the system; however, it is unclear whether this prudential standard will be adopted by the developers of digital signature applications.
Given the weaknesses inherent in any form of authentication procedure, attention has been focused on developing systems that use a combination of authentication procedures together to reduce the probability of unauthorized use. For example, a biometric authentication procedure such as a fingerprint scan might be required to access the application that generates the user's digital signature. Likewise, a smartcard bearing a secret key can be used to encrypt a password that is transmitted to a computer system through a card reader.(113)
The smart card then forms a sort of "firewall" to protect against interlopers whose only point of access is within the computer system trying to invoke the digital signature application. While such combination authentication procedures may be more expensive to implement than digital signature authentication procedures based on software applications alone, the higher initial investment may be more than offset by an overall reduction in fraud losses.(114)
UTAH DIGITAL SIGNATURE ACT (1996)
--------------------
TITLE, INTERPRETATION, AND DEFINITIONS
46-3-101. Title.
This chapter is known as the "Utah Digital Signature Act."
46-3-102. Purposes and construction.
This chapter shall be construed consistent with what is commercially reasonable under the circumstances and to effectuate the following purposes:
(1) to facilitate commerce by means of reliable electronic messages;
(2) to minimize the incidence of forged digital signatures and fraud in electronic commerce;
(3) to implement legally the general import of relevant standards, such as X.509 of the International Telecommunication Union (formerly International Telegraph and Telephone Consultative Committee or CCITT); and
(4) to establish, in coordination with multiple states, uniform rules regarding the authentication and reliability of electronic messages.
46-3-103. Definitions.
For purposes of this chapter, and unless the context expressly indicates otherwise:
(1) "Accept a certificate" means:
(a) to manifest approval of a certificate, while knowing or having notice of its contents; or
(b) to apply to a licensed certification authority for a certificate, without canceling or revoking the application, if the certification authority subsequently issues a certificate based on the application.
(2) "Asymmetric cryptosystem" means an algorithm or series of algorithms which provide a secure key pair.
(3) "Certificate" means a computer-based record which:
(a) identifies the certification authority issuing it;
(b) names or identifies its subscriber;
(c) contains the subscriber's public key; and
(d) is digitally signed by the certification authority issuing it.
(4) "Certification authority" means a person who issues a certificate.
(7) "Certify" means the declaration of material facts by the certification authority regarding a certificate.
(10) "Digital signature" means a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer's public key can accurately determine whether:
(a) the transformation was created using the private key that corresponds to the signer's public key; and
(b) the message has been altered since the transformation was made.
(11) "Division" means the Division of Corporations and Commercial Code within the Utah Department of Commerce.
(22) "Private key" means the key of a key pair used to create a digital signature.
(23) "Public key" means the key of a key pair used to verify a digital signature.
LICENSING AND REGULATION OF CERTIFICATION AUTHORITIES
46-3-201. Licensure and qualifications of certification authorities.
(1) To obtain or retain a license a certification authority shall:
(a) be the subscriber of a certificate published in a recognized repository;
(b) employ as operative personnel only persons who have not been convicted of a felony or a crime involving fraud, false statement, or deception;
(c) employ as operative personnel only persons who have demonstrated knowledge and proficiency in following the requirements of this chapter;
(d) file with the division a suitable guaranty, unless the certification authority is the governor, a department or division of state government, the attorney general, state auditor, state treasurer, the judicial council, a city, a county, or the Legislature or its staff offices provided that:
(i) each of the above-named governmental entities may act through designated officials authorized by ordinance, rule, or statute to perform certification authority functions; and
(ii) one of the above-named governmental entities is the subscriber of all certificates issued by the certification authority;
(e) have the right to use a trustworthy system, including a secure means for controlling usage of its private key;
(f) present proof to the division of having working capital reasonably sufficient, according to rules of the division, to enable the applicant to conduct business as a certification authority;
(g) maintain an office in Utah or have established a registered agent for service of process in Utah; and
(h) comply with all other licensing requirements established by division rule.
(2) The division shall issue a license to a certification authority which:
(a) is qualified under Subsection (1);
(b) applies in writing to the division for a license; and
(c) pays the required filing fee.
(3) (a) The division may classify and issue licenses according to specified limitations, such as a maximum number of outstanding certificates, cumulative maximum of recommended reliance limits in certificates issued by the certification authority, or issuance only within a single firm or organization.
(b) A certification authority acts as an unlicensed certification authority when issuing a certificate exceeding the limits of the license.
(4) (a) The division may revoke or suspend a certification authority's license for failure to comply with this chapter, or for failure to remain qualified pursuant to Subsection (1).
(b) The division's actions under this subsection are subject to the procedures for adjudicative proceedings in Title 63, Chapter 46b, Administrative Procedures Act.
(5) The division may recognize by rule the licensing or authorization of certification authorities by other governmental entities, provided that those licensing or authorization requirements are substantially similar to those of this state. If licensing by another governmental entity is so recognized:
(a) Part 4 of this chapter, which relates to presumptions and legal effects, applies to certificates issued by the certification authorities licensed or authorized by that governmental entity in the same manner as it applies to licensed certification authorities of this state; and
(b) the liability limits of Section 46-3-309 apply to the certification authorities licensed or authorized by that governmental entity in the same manner as they apply to licensed certification authorities of this state.
(6) Unless the parties provide otherwise by contract between themselves, the licensing requirements in this section do not affect the effectiveness, enforceability, or validity of any digital signature except that Part 4 of this chapter does not apply to a digital signature which cannot be verified by a certificate issued by a licensed certification authority. Further, the liability limits of Section 46-3-309 do not apply to unlicensed certification authorities.
46-3-203. Enforcement of requirements for licensed certificate authorities.
(1) The division may investigate the activities of a licensed certification authority material to its compliance with this chapter and issue orders to a certification authority to further its investigation and insure compliance with this chapter.
(2) As provided in Section 46-3-201, the division may restrict a certification authority's license for its failure to comply with an order of the division, or may suspend or revoke the license of a certification authority.
(3) Any person who knowingly or intentionally violates an order of the division issued pursuant to this section or Section 46-3-204 is subject to a civil penalty of not more than $5,000 per violation or 90% of the recommended reliance limit of a material certificate, whichever is less.
(4) The division may order a certification authority in violation of this chapter to pay the costs incurred by the division in prosecuting and adjudicating proceedings relative to, and in enforcement of, the order.
(5) Pursuant to Title 63, Chapter 46b, Administrative Procedures Act:
(a) the division shall exercise its authority under this section in accordance with procedures for adjudicative proceedings;
(b) a licensed certification authority may obtain judicial review of the division's actions under this section; and
(c) if the division seeks injunctive relief, as provided in Section 46-3-204, to compel compliance with any of its orders, the division may collect the cost of enforcement as provided in Subsection 63-46b-19(1)(d)(iii).
DUTIES OF CERTIFICATION AUTHORITY AND SUBSCRIBER
46-3-301. General requirements for certification authorities.
(1) A licensed certification authority or subscriber shall use only a trustworthy system:
(a) to issue, suspend, or revoke a certificate;
(b) to publish or give notice of the issuance, suspension, or revocation of a certificate; and
(c) to create a private key.
(2) A licensed certification authority shall disclose any material certification practice statement, and any fact material to either the reliability of a certificate which it has issued or its ability to perform its services. A certification authority may require a signed, written, and reasonably specific inquiry from an identified person, and payment of reasonable compensation, as conditions precedent to effecting a disclosure required in this subsection.
46-3-309. Recommended reliance limits and liability.
(1) By specifying a recommended reliance limit in a certificate, the issuing certification authority and the accepting subscriber recommend that persons rely on the certificate only to the extent that the total amount at risk does not exceed the recommended reliance limit.
(2) Unless a licensed certification authority waives application of this subsection, a licensed certification authority is:
(a) not liable for any loss caused by reliance on a false or forged digital signature of a subscriber, if, with respect to the false or forged digital signature, the certification authority complied with all material requirements of this chapter;
(b) not liable in excess of the amount specified in the certificate as its recommended reliance limit for either:
(i) a loss caused by reliance on a misrepresentation in the certificate of any fact that the licensed certification authority is required to confirm; or
(ii) failure to comply with Section 46-3-302 in issuing the certificate;
(c) liable only for direct, compensatory damages in any action to recover a loss due to reliance on the certificate, which damages do not include:
(i) punitive or exemplary damages;
(ii) damages for lost profits, savings, or opportunity; or
(iii) damages for pain or suffering.
EFFECT OF A DIGITAL SIGNATURE
46-3-401. Satisfaction of signature requirements.
(1) Where a rule of law requires a signature, or provides for certain consequences in the absence of a signature, that rule is satisfied by a digital signature if:
(a) that digital signature is verified by reference to the public key listed in a valid certificate issued by a licensed certification authority;
(b) that digital signature was affixed by the signer with the intention of signing the message; and
(c) the recipient has no knowledge or notice that the signer either:
(i) breached a duty as a subscriber; or
(ii) does not rightfully hold the private key used to affix the digital signature.
(2) Nothing in this chapter precludes any symbol from being valid as a signature under other applicable law, including Uniform Commercial Code, Subsection 70A-1-201(39).
(3) This section does not limit the authority of the State Tax Commission to prescribe the form of tax returns or other documents filed with the State Tax Commission.
46-3-402. Unreliable digital signatures.
Unless otherwise provided by law or contract, the recipient of a digital signature assumes the risk that a digital signature is forged, if reliance on the digital signature is not reasonable under the circumstances. If the recipient determines not to rely on a digital signature pursuant to this section, the recipient shall promptly notify the signer of its determination not to rely on the digital signature.
46-3-403. Digitally signed document is written.
(1) A message is as valid, enforceable, and effective as if it had been written on paper, if it:
(a) bears in its entirety a digital signature; and
(b) that digital signature is verified by the public key listed in a certificate which:
(i) was issued by a licensed certification authority; and
(ii) was valid at the time the digital signature was created.
(2) Nothing in this chapter precludes any message, document, or record from being considered written or in writing under other applicable state law.
46-3-404. Digitally signed originals.
A copy of a digitally signed message is as effective, valid, and enforceable as the original of the message, unless it is evident that the signer designated an instance of the digitally signed message to be a unique original, in which case only that instance constitutes the valid, effective, and enforceable message.
46-3-406. Presumptions in adjudicating disputes.
In adjudicating a dispute involving a digital signature, a court of this state shall presume that:
(1) a certificate digitally signed by a licensed certification authority and either published in a recognized repository or made available by the issuing certification authority or by the subscriber listed in the certificate is issued by the certification authority which digitally signed it and is accepted by the subscriber listed in it;
(2) the information listed in a valid certificate, as defined in Section 46-3-103, and confirmed by a licensed certification authority issuing the certificate is accurate;
(3) if a digital signature is verified by the public key listed in a valid certificate issued by a licensed certification authority:
(a) that the digital signature is the digital signature of the subscriber listed in that certificate;
(b) that the digital signature was affixed by the signer with the intention of signing the message; and
(c) the recipient of that digital signature has no knowledge or notice that the signer:
(i) breached a duty as a subscriber; or
(ii) does not rightfully hold the private key used to affix the digital signature; and
(4) a digital signature was created before it was time stamped by a disinterested person utilizing a trustworthy system.
EU Digital Signature Law - review this most recent initiative
Article 1
Scope
This Directive covers the legal recognition of electronic signatures.
It does not cover other aspects related to the conclusion and validity of contracts or other non-contractual formalities requiring signatures.
It establishes a legal framework for certain certification services made available to the public.
Article 2
Definitions
For the purpose of this Directive:
(1) "electronic signature" means a signature in digital form in, or attached to, or logically associated with, data which is used by a signatory to indicate his approval of the content of that data and meets the following requirements:
(2) "signatory" means a person who creates an electronic signature;
(3) "signature creation device" means unique data, such as codes or private cryptographic keys, or a uniquely configured physical device which is used by the signatory in creating an electronic signature;
(4) "signature verification device" means unique data, such as codes or public cryptographic keys, or a uniquely configured physical device which is used in verifying the electronic signature;
(5) "qualified certificate" means a digital attestation which links a signature verification device to a person, confirms the identity of that person and meets the requirements laid down in Annex I;
(6) "certification service provider" means a person who or an entity which issues certificates or provides other services related to electronic signatures to the public;
(7) "electronic signature product" means hardware or software, or relevant components thereof, which are intended to be used by a certification service provider for the provision of electronic signature services.
Article 3
Market access
1. Member States shall not make the provision of certification services subject to prior authorization.
2. Without prejudice to the provisions of paragraph 1, Member States may introduce or maintain voluntary accreditation schemes aiming at enhanced levels of certification service provision. All conditions related to such schemes must be objective, transparent, proportionate and non-discriminatory. Member States may not limit the number of certification service providers for reasons which fall under the scope of this Directive.
3. The Commission may, in accordance with the procedure laid down in Article 9, establish and publish reference numbers of generally recognized standards for electronic signature products in the Official Journal of the European Communities. Member States shall presume compliance with the requirements laid down in point (e) of Annex II when an electronic signature product meets those standards.
4. Member States may make the use of electronic signatures in the public sector subject to additional requirements. Such requirements shall be objective, transparent, proportionate, and non-discriminatory, and shall only relate to the specific characteristics of the application concerned.
Article 4
Internal Market principles
1. Each Member State shall apply the national provisions it adopts pursuant to this Directive to certification service providers established on its territory and to the services they provide. Member States may not restrict the provision of certification services which originate in another Member State in the fields covered by this Directive.
2. Member States shall ensure that electronic signature products which comply with this Directive are permitted to circulate freely in the Internal Market.
Article 5
Legal effects
1. Member States shall ensure that an electronic signature is not denied legal effect, validity and enforceability solely on the grounds that the signature is in electronic form, or is not based upon a qualified certificate, or is not based upon a certificate issued by an accredited certification service provider.
2. Member States shall ensure that electronic signatures which are based on a qualified certificate issued by a certification service provider which fulfils the requirements set out in Annex II are, on the one hand, recognized as satisfying the legal requirement of a hand written signature, and on the other, admissible as evidence in legal proceedings in the same manner as hand written signatures.
Article 6
Liability
1. Member States shall ensure that, by issuing a qualified certificate, a certification service provider is liable to any person who reasonably relies on the certificate for:
2. Member States shall ensure that a certification service provider is not liable for errors in the information in the qualified certificate that has been provided by the person to whom the certificate is issued, if it can demonstrate that it has taken all reasonably practicable measures to verify that information.
3. Member States shall ensure that a certification service provider may indicate in the qualified certificate limits on the uses of a certain certificate. The certification service provider shall not be liable for damages arising from a contrary use of a qualified certificate which includes limits on its uses.
4. Member States shall ensure that a certification service provider may indicate in the qualified certificate a limit on the value of transactions for which the certificate is valid. The certification service provider shall not be liable for damages in excess of that value limit.
5. The provisions of paragraphs 1 to 4 shall be without prejudice to Council Directive 93/13/EEC.
Article 7
International aspects
1. Member States shall ensure that certificates issued by a certification service provider established in a third country are recognized as legally equivalent to certificates issued by a certification service provider established within the Community:
2. In order to facilitate cross-border certification services with third countries and legal recognition of electronic signatures originating in third countries, the Commission will make proposals where appropriate to achieve the effective implementation of standards and international agreements applicable to certification services. In particular and where necessary, it will submit proposals to the Council for appropriate mandates for the negotiation of bilateral and multilateral agreements with third countries and international organizations. The Council shall decide by qualified majority.
Article 8
Data protection
1. Member States shall ensure that certification service providers and national bodies responsible for accreditation or supervision comply with the requirements laid down in Directives 95/46/EC and 97/66/EC of the European Parliament and of the Council.
2. Member States shall ensure that a certification service provider may collect personal data only directly from the data subject and only in so far as it is necessary for the purposes of issuing a certificate. The data may not be collected or processed for other purposes without the consent of the data subject.
3. Member States shall ensure that, at the signatory's request, the certification service provider indicates in the certificate a pseudonym instead of the signatory's name.
4. Member States shall ensure that, in the case of persons using pseudonyms, the certification service provider shall transmit the data concerning the identity of those persons to public authorities upon request and with the consent of the data subject. Where according to national law the transfer of the data revealing the identity of the data subject is necessary for the investigation of criminal offences relating to the use of electronic signatures under a pseudonym, the transfer shall be recorded and the data subject informed of the transfer of the data relating to him as soon as possible after the investigation has been completed.
ANNEX I
Requirements for qualified certificates
Qualified certificates must contain:
ANNEX II
Requirements for certification service providers
Certification service providers must: