German Consumer Association Denounces EU Draft Digital Signature Directive

Translation and Commentary by Christopher Kuner, Esq.

Morrison & Foerster LLP, Brussels

Translation copyright 1998 Christopher Kuner. Reproduction is permitted, provided that this translator's note, including the above copyright notice, is retained in its entirety.

Commentary: The following is a translation of a statement that appeared in the magazine "Verbraucherpolitische Korrespondenz", issue of April 28, 1998, p. 4. The statement criticizes an earlier draft of the EU Commission's Draft Directive on Electronic Signatures, the final version of which was released on May 13, 1998 and which is available on the Internet.  The criticisms of the draft demonstrate a number of salient elements in the German attitude toward the regulation of digital signatures:

• Because of stringent writing requirements in German law, German consumer protection advocates criticise the extension of legal recognition to all types of "electronic signatures"; rather, they would prefer that such recognition be limited to "digital signatures", i.e., those using asymmetric cryptography, which, it is felt, offer a higher degree of security, and which thus better correspond with the degree of security offered by written signatures.
• The criticism reflects the widespread view in Germany that the high technical standards for digital signatures in the German digital signature legislation should not be undercut by recognition of electronic and digital signatures which are regarded as offering "lesser" security, which in effect means those originating from outside Germany.
• The criticisms further demonstrate the gulf between the Anglo-American willingness to legally recognize electronic signatures as expressing the will of the parties, and the German law view which emphasizes other functions of the signature as well, such as its role in warning parties that they are about to enter into a legally-binding transaction.

Not mentioned in the statement is that German consumer advocates have praised the Directive's inclusion of liability rules, which are conspicuously absent in the German digital signature legislation.

Sales Contracts by Mouse Click?

Proposal from Brussels Endangers Consumers' Legal Position

According to the Bonn Central Committee of Consumer Associations (AgV), the EU Commission wants to introduce an electronic signature which can bring significant disadvantages for consumers. Under a draft prepared by DG XIII for a "Directive for Electronic Signatures", electronic signatures are supposed to have general legal effects, and basic concerns of consumer protection would not be taken into account. A mouse click should also in the future not have the same legal effect as a handwritten signature, according to the AgV. At the present time experience is lacking to grant electronic signatures the same legal and evidentiary value as written legal deeds. The draft directive also lacks sufficient safeguards to ensure that documents arrive at the recipient unchanged and so that an electronic signature can be reliably identified. The security level contemplated in the German digital signature legislation should also not be undercut in European legislation, according to the AgV.

Until now, conventional written form also serves the purpose of warning consumers of particular dangers and keeping them from rushing into, claim consumer protection advocates; for example, technical emphases in text passages are intended for this purpose. The AgV claims that similar safeguards for effective consumer protection are also necessary for the conclusion of electronic contracts. According to the AgV, the draft directive from Brussels in no way takes this into account and seems not to have been coordinated with DG XXIV, which has jurisdiction over consumer protection.

Moreover, the draft does not contain clear rules for secure identification of the communication partner. The Commission's suggestions for the security of "electronic signature procedures" which are contained in the present draft directive are insufficient in the AgV's view. In particular, there are no concrete requirements for a "security infrastructure" such as those contemplated in the German Digital Signature Law, under which such a security infrastructure is to be constructed by certification authorities and trusted instances. Such instances, which are licensed by the government, have, among others, the job of certifying digital signatures at the request of the user. Such digital signatures consists of a private and a public key. The certification authority is supposed, upon request, to certify unmistakably the attribution of a public key to a particular person. However, the certification authority is in no event supposed to be able to store or reconstruct the private key. The AgV rejects the EU Commission's plans to allow this in particular cases. Only a reliable security infrastructure can, in the opinion of the consumers associations, create trust in digital signatures and make possible wide use of electronic commerce.