A text transcription follows.
This transcript is for anyone with a hearing impairment or who for any other reason cannot listen to the MP3 audio file.
The following is the text spoken by OUT-LAW journalist Matthew Magee.
Hello and welcome to OUT-LAW Radio, where we hope to keep you up to date with the latest news and the most fascinating features from the world of Technology Law.
My name is Matthew Magee, and this week we ask: whatever happened to digital signatures?
But first, here are the top stories from OUT-LAW.COM, where you can read breaking Technology Law news throughout the week.
Google launches behavioural advertising
and
Newspapers have indefinite liability for online defamation.
Google has launched a behavioural advertising system which will track users' online activity to display to them adverts it thinks will be more relevant. The company said users will be alerted to the activity through labels on ads.
Google's system initially will work only on its YouTube video sharing site and on websites which use its AdSense technology to choose and display ads. Searches at Google.com will not be affected during the pilot phase.
Google said that it recognised that tracking systems raise privacy concerns and that it was "committed to transparency and user choice".
Google said that users could find out about the tracking at its Privacy Center; from clicking on the 'ads by Google' notice on ads themselves; and at its Ad Preferences Manager, though it is not clear how users will be informed of the practice in the first place.
Publishers' indefinite liability for defamatory material in their online archives is not a restriction on their rights to free speech, the European Court of Human Rights (ECHR) has ruled. The decision backs a 160-year-old rule of English law.
The Times newspaper had argued that the burden of indefinite liability was so onerous that it would have a 'chilling effect' on archive publishers, but the Court has reaffirmed that a new defamation action can be taken every time online defamatory material is accessed.
The Times had said that this created 'ceaseless liability' for newspaper publishers and that this would result in a restriction on free speech.
Those were some of the top stories from OUT-LAW News.
Ten years ago the world was in the grip of dotcom fever. The internet was transforming our lives and our businesses in startling ways - we could barely keep up, never mind predict future innovations.
One problem that worried lawyers and governments was this: if all business processes - procurement, supply, negotiation, deal-making – was going to be done electronically, how would people know who they were doing business with? How would they sign contracts? Without face to face contact, reams of paper contracts and the personal touch that oils the wheels of business, would commerce grind to a shuddering halt amidst a flurry of collapsed deals and disputed contracts?
The European Union was so concerned that it created an entire directive designed to tackle the problem. The electronic signatures directive ended up in UK Law in 2000's Electronic Communications Act and 2002's Electronic Signatures Regulations.
Part of that directive was the creation of Certification Service Providers, or CSPs. These were companies which issued certificates which act as evidence that an electronic signature is authentic. It was envisaged that all sorts of CSPs would pop up, that organisations we already trust such as banks or the Post Office would issue certificates to all and sundry as they merrily conducted all sorts of verified, authenticated, digitally signed online business.
Ten years later, the situation is somewhat different to that pictured by the Eurocrats. The UK is not awash with digital signature certificates, deals are often still done on paper and CSPs do not abound. In fact, the government's register of CSPs contains just one provider: British Telecom.
Jon fell is a Technology lawyer with Pinsent Masons, the law firm behind OUT-LAW. He followed the emergence of e-signature legislation, and says that it all started with worries about the admissibility of electronic signatures in court.
Jon Fell: I think you need to put it into the context of what was going on at the time in the mid and late 1990s and there was a lot of concern as to whether an electronic document and an electronic signature would actually be admissible. I think governments in the UK and in Europe and of course the EU Commission all realised that electronic commerce and transacting business electronically was going to be something very much of the future and they wanted to make sure that people were able to do that with the certainty that they knew who they were dealing with and that they could rely on the electronic communications. So I think that was why there was a need for there to be some legislation with regard to electronic signatures. Just to make it clear that they would be enforceable throughout the EU.
Context is everything, though, and there were two factors at work in the UK that undermined the idea that CSPs would proliferate. The first was just a basic fact of UK contract law. Signatures – digital or not - are rarely actually needed.
Jon Fell: The position in the UK is slightly different to that in continental Europe in that most contracts don’t need to be in writing at all and there is very limited times when you actually need to have something signed. What you do need to have is the essential elements of a contract there has to be one party making an offer which is then accepted, there has to be consideration, there has to be a certainty, but provided those elements are present then you can have a binding contract. Large contracts and contracts between organisations are often put in writing really for certainty rather than any legal requirements.
The other factor at work here was the view of a hugely influential Law Commission report. It, too, was worried about whether electronic signatures would count in court or not, so it investigated. The results were helpful to business, but not to any burgeoning signature certification industry.
Jon Fell: There was the Law Commission advice which was published in December 2001 which looked at the formalities in electronic commerce and in particular looked at the question of written documents and signatures and it decided that what you should look at is what is the intention behind a signature. A signature is intended to identify an individual and to associate that with a document or to indicate the individual’s approval of a document and the Law Commission said quite rightly that if you look at the way in which signatures have been used over the years they haven’t always just been someone writing down their name and address but people have used stamped signatures, people have used crosses and actually there had been a case back in 1995 which looked at faxed signatures and said they were valid and they saw no reason why that shouldn’t be the case with electronic signatures and in fact they looked at all different types of electronic signatures and the law commission came to the view that virtually every form of electronic signature you can think of would be enforceable, the only question would be how much you can rely upon it.
Then what were CSPs meant to be for, then? Well, the Law Commission recognized that there are certain kinds of deals or transactions where people will want greater security and reliability. It is for these that certified signatures are most likely to be used.
Jon Fell: Digital signatures are ones which use the public key infrastructure which is a form of encryption. A certification service provider is the party which issues the necessary encryption keys to individuals and is responsible for checking the identity of the individuals whose signatures are being used. And the role that they perform, if you like, is that of a trusted third party. What the Electronic Signatures Regulations and the Directive did was to create an advanced electronic signature which would have exactly the same effect as a manuscript signature so it would be treated in exactly the same way as if you signed the document yourself.
So what happened? Why did these highly reliable signatures not take off? Fell says that the business world proved more flexible than people had predicted, and has found many ways to authenticate a transaction.
Jon Fell: One of the reasons that digital signatures haven’t take off in the way that they thought that they might is that technology has moved on and people have decided that there are other ways of authenticating each other and making sure that they are dealing with the correct individuals. A lot of that has revolved around the use of passwords and some form of token or electronic means of identification which is an item which is held by the individual which is then plugged into a computer to show that they actually have the device in their possession. People have relied on portals but also I think one of the big things is that of course with large contracts people still want to negotiate that necessitates meetings and necessitates the discussions and there are a lot of documents that are still or agreements that are still entered into in paper.
And companies didn't rush into the cusp market and promote the signatures because to become a CSP was quite a burden.
Jon Fell: I think the big problem is that in order to issue them you have to go through the verification of the individual who is using the device. Originally it was thought the banks and Post Offices will be ideally placed to do this but there hasn’t been the take up with the public to have their own individual signatures verified by people. That doesn’t mean that digital signatures aren’t used, they are used all the time but they are not used in the way in which the qualified certificates were going to be issued.
So was it all a terrible waste of time and EU legislation? Fell thinks not. He said that though the UK is not packed with CSPs, The existence of EU Law on electronic signatures forced the issue and made UK and European authorities address a potential problem.
Jon Fell: It wasn’t a waste of time, I think it wasn’t a waste of time for two reasons. First of all, the UK is very different from continental Europe. The position here isn’t the same in every member state and what was needed was something to drive a position that meant that electronic commerce could flourish throughout the EU, and the other reason that it wasn’t a waste of time is that these issues needed to be addressed. The fact that the Law Commission came up with very influential and persuasive advice is they have actually, there isn’t an issue with this in the UK still need to be addressed and the whole legislative programme forced that to happen.
That's all we have time for this week, thanks for listening. Why not get in touch with OUT-LAW Radio? Do you know of a technology law story? We'd love to hear from you on radio@out-law.com. Make sure you tune in next week but for now, goodbye.