Overview of (1) electronic signature
In traditional transactions, people often sign autographs to ensure the authenticity and validity of the identity of the parties to the contract and the consistency of the expression of will. At the same time, autograph is also a requirement of many laws. For example, Article 32 of China's Contract Law stipulates: "If the parties conclude a contract in the form of a contract, the contract is established when both parties sign or seal it." Article 4 of China's "Negotiable Instruments Law" stipulates: "When making a negotiable instrument, the drawer of the instrument shall sign the instrument in accordance with legal conditions and bear the liability of the instrument according to the recorded items. When exercising the rights of negotiable instruments, the holder shall sign and sign the instrument in accordance with legal procedures and produce the instrument. " However, in the e-commerce environment, because the two parties to the contract may be thousands of miles apart, or even have never met in the whole transaction process, the traditional autograph method is difficult to apply to electronic transactions. However, the function of traditional signature, especially its function of proving the authenticity and integrity of the contract, is still of great value to e-commerce which has been troubled by network security problems. Therefore, in the e-commerce environment, the requirement of signature should not be abandoned, but should be strengthened and more effectively guaranteed. Of course, the signature mentioned here is no longer a traditional autograph, but an "Electronic signature" (electronic
Signature).
Singapore Electronic Transactions Act (1998)
1998, SETA) has made relevant provisions on electronic signature and digital signature. It defines an electronic signature as "any letter, alphanumeric or other symbol attached to or logically associated with an electronic record in digital form, and the electronic signature is executed or adopted to prove or approve the electronic record"; Digital signature (digital
Signature) is defined as: "By using asymmetric encryption system and encryption function.
Function) to convert the electronic signature of electronic records ". It can be seen that digital signature is a kind of electronic signature. According to the draft uniform rules for electronic signatures promulgated by the Working Group on Electronic Commerce of the United Nations Commission on International Trade Law (draft) (1999)
electronic
Signature) Article 1 stipulates: "'electronic signature' refers to the data that exists in the data information in electronic form, or is attached to the data information, or is logically related to it, and can be used to identify the identity of the data signer and show the signer's approval of the information contained in the data information". The author thinks that this definition is worth learning from our legislation.
The main purpose of electronic signature is to confirm the identity of the sender of the data message through technical means, to ensure that the content of the transmitted file has not been tampered with, and to solve the problem that the sender denies having sent or received the information afterwards. [1] Electronic signature is an important innovative concept in law. As a legal summary of electronic authentication technology, it has been recognized by many countries. At present, there are three main modes of electronic signature in the world:
First, smart card mode. Smart card is an IC card with embedded microcontroller chip, which stores digital information about itself. When using a smart card, users only need to scan the scanner of the computer and then enter their own password.
Second, the password mode. Users can set their own passwords, which can be a combination of numbers or characters. Some units also provide hardware for users to store their signatures on electronic boards with electronic pens. The electronic board can not only record the shape of the signature, but also record the strength of the user's signature and the speed of typing to prevent others from stealing the signature.
Third, the biometric model. Based on the physiological characteristics of users, this method digitally recognizes fingerprints, faces and so on. Users through computers.
With the development of e-commerce, in order to eliminate the legal obstacles of e-commerce, many countries have begun to study the issue of electronic signature. The Working Group on Electronic Commerce of the United Nations Commission on International Trade Law has always taken Uniform Rules for Electronic Signatures as the title of the draft, which has been unanimously recognized by many countries. The relevant directives of the European Union also focus on "electronic signature". Since 1995, the first electronic signature law in the world, the Digital Signature Law, was promulgated in Utah, USA, so far, the e-commerce legislation of various countries includes the Digital Signature Law and Regulations of Germany, the Electronic Signature Law of the United States, the Digital Signature Law of Italy, the Electronic Signature Law of Ireland, the Digital Signature Law of Malaysia and so on. From the content point of view, these laws mainly focus on electronic signature (digital signature) and relevant provisions of certification bodies, and most legislative documents are directly titled "electronic signature" or "digital signature". Electronic signature law can not only solve the basic problems such as the legal effect of electronic contracts, the distribution of risks and responsibilities in electronic transactions, but also effectively safeguard the economic interests of the country in e-commerce activities, so it occupies an extremely important position in the whole e-commerce legal system.
(2) the legal effect of electronic signature
Because the electronic contract may not have the written text of the traditional contract, the traditional handwritten signature method is replaced by electronic signature. Just as a traditional contract can only take effect if both parties sign and seal it, if the electronic signature has no legal effect, it can't make the electronic contract take effect. In traditional contracts, the act of autograph or seal has two main functions: one is to show the true identity of the parties to the contract; The second is to show that the parties to the contract are willing to be bound by the contract. However, in e-commerce activities, the traditional signature method is difficult to apply to this kind of electronic transaction. Therefore, people began to use electronic signatures to prove each other's identities.
The biggest obstacle to signing an electronic contract is technology, which means that the existing technology can't make the parties as convenient and simple as signing a contract. [2] However, it should be pointed out that once the problem of electronic signature is solved technically, the practicality of electronic signature in e-commerce and its legal effect will not be lower than that in traditional contracts. At the same time, we should also see that since we recognize that electronic contracts are in written form, we must recognize the effectiveness of electronic signatures, because without electronic signatures, anyone can freely access computer systems and tamper with the contents of documents, so electronic contracts are difficult to exist.
At present, there is a tendency to regard "electronic signature" as a signature in the legislation of countries and international organizations all over the world. For example, the Working Group on the Promotion of International Trade Procedures of the United Nations Economic Commission for Europe believes that as long as the signature on a trade document can be used to identify the source of the document (that is, to trace the author of the document) and use the signature to authenticate the document, the signatory of the document should be responsible for the correctness and completeness of the items on the document. [3] Hamburg Rules (Hamburg
Rule 14 stipulates: "The signature on the bill of lading can be written, copied, punched, stamped, marked or any other mechanical or electronic means, as long as it does not violate the laws of the country where the bill of lading is issued." In China's substantive law, unless otherwise provided by law, the parties may conclude a contract in written form, oral form and other forms, but not in written form, signature and seal. In this regard, the written form and signature and seal emphasized by the Anglo-American legal system are the basis for the establishment and effectiveness of the contract.
This principle is very different. Therefore, the legal requirements for signature or seal in China are not involved too much in specific legal provisions. [4] However, China's contract law adopts a flexible approach. Article 33 of China's "Contract Law" stipulates: "If the parties conclude a contract by letter or data message, they may request to sign a confirmation letter before the contract is established. The contract was established when the confirmation letter was signed. " According to this provision, if the parties use electronic signature when signing a contract, they may either not sign the confirmation letter or request to sign the confirmation letter before the contract is established according to the actual situation. Of course, the latter approach can make the authenticity of the contract more clear and prevent the forgery of electronic signatures.
The author thinks that the relevant government departments should actively introduce and explain the definition, purpose, scope of application and usage of electronic signature to the public, and then the law will provide a set of fair and reasonable rules of the game. By establishing a perfect electronic signature and electronic authentication system, on the one hand, it can promote the development of e-commerce, on the other hand, it can improve people's acceptance of electronic signatures and reduce fraud such as forgery and alteration of electronic signatures.
Secondly, the legal issues about electronic authentication.
(a) Overview of electronic authentication
Authentication is a process to prove that someone or something is effective or worthy of the name, and its goal is still centered on "safety". The security of e-commerce mainly includes two aspects: one is to establish a security authentication mechanism in technology to confirm the authenticity of the identity of both parties to the transaction and the confidentiality, integrity and non-repudiation of information; At the same time, modern cryptography and electronic signature technology are used to ensure the security of e-commerce activities. Second, when there are mistakes in e-commerce activities, how to use legal means to solve the problems of responsibilities, rights and obligations of both parties to the transaction. Authentication is an important part of good data security measures in computer system or communication. The development of electronic information technology has greatly enhanced people's ability to obtain information, but also increased the risk of some sensitive or valuable data being abused. How to ensure the subject qualification of the counterparty and the security of transaction data is a matter of great concern to all parties in electronic transactions. Therefore, we must ensure the authenticity and reliability of the identity of buyers and sellers in electronic transactions. The role of electronic authentication is to confirm the true and valid identities of both parties to the transaction.
Electronic authentication, like electronic signature, is a security mechanism in e-commerce activities. It is a service provided by a specific third party to verify the true identity of electronic signatures and their signers. Electronic authentication is mainly used for the credit security of electronic transactions to ensure the authenticity and reliability of traders' identities in an open network environment. Electronic authentication is to ensure that a person's identity information or specific information has not been modified or replaced during transmission. [5]
In the process of electronic transactions, apart from the mutual identification of the two parties through electronic signatures to ensure the integrity of the transmitted information, the authentication of the electronic signature itself can not be completed by the parties themselves, but by an authoritative, credible and impartial third party, thus establishing an effective and reliable protection mechanism for electronic transactions. This third party is called a certificate.
California authority). Certification bodies provide authentication services in the process of electronic transactions, and can issue digital certificates to confirm the true identity of users. At the same time, because e-commerce activities are often cross-border, both parties to the transaction need authentication institutions in different countries to authenticate their identity and issue electronic authentication certificates to the opposite party in e-commerce activities. In practice, it is necessary for countries to mutually recognize the validity of electronic certificates issued by the other country's certification bodies to ensure the smooth progress of e-commerce activities.
(b) Analyze the legal status and legal responsibilities of certification bodies.
In e-commerce activities, certification bodies neither sell any goods to online parties, nor provide funds or labor resources. The service they provide is only intangible certificate information. This digital certificate contains the public key, the name of the other party, the electronic signature of the certification authority, the valid time of the key, the name of the issuing authority, the serial number of the certificate, etc. In the whole process of electronic transactions, certification bodies should not only be responsible for all parties involved in electronic transactions, but also be responsible for the transaction order of the whole electronic commerce. Therefore, it is a very important institution.
In the establishment of the certification body, we must emphasize that it should be an independent legal entity, that is to say, it can provide services in its own name, provide guarantees with its own property, and independently bear corresponding civil liabilities within the scope prescribed by law. Certification bodies must remain neutral in the whole process of electronic transactions. Generally speaking, they can't directly conduct business transactions with customers, nor can they represent the interests of any party. They can only promote the transactions between the parties by publishing objective transaction information. In addition, electronic certification bodies should not aim at profit, but should be similar to public enterprises that undertake social service functions. From the experience of foreign countries, it is more appropriate to set up a specialized, independent and non-profit certification body.
Combined with the precedent of international e-commerce legislation, certification bodies should generally undertake the following obligations: 1. Information disclosure and notification obligations. Its fundamental purpose is to safeguard the public interest and protect the information vulnerable groups. Second, security obligations. Security and credibility are the requirements of the public for certification bodies, and certification bodies should adopt a security system that can meet the conditions. Third, the obligation of confidentiality. Certification bodies shall not disclose information that needs to be kept confidential. In addition, the certification body also has other obligations, such as: burden of proof, that is, if the parties have disputes in the process of using the certificate, the certification body can provide evidence services for them according to the requirements of both parties or one party.
At the same time, certification bodies will face many potential risks in the process of providing certification services. The main risk types are: (1) loss of digital records due to technical errors; (2) The information is not strictly examined, the certificate contains false statements, and the third party credulously believes its statements, and trading based on the level of the certificate will damage the credibility of the certification body; (3) The certificate is terminated or revoked without reasonable and appropriate discrimination; (4) The authentication service is interrupted due to server failure or periodic offline repair; (five) internal personnel, that is, employees of certification institutions who have access to the certificate database, make false certificates or tamper with certificate records; (6) External personnel use various methods to reform the general agreement of certification bodies; (7) As a network organization, with the update of technology, its elimination rate is high, and its service may be difficult to maintain for a long time, but the management of some long-term certificates requires continuous uninterrupted service, and so on. [6]
From the nature and risk analysis of the above certification bodies, it can be seen that the emergence and development of electronic certification will lead to many new legal problems in the field of e-commerce, mainly including: 1 The legal status of digital certificates and certification bodies and the legal supervision of electronic certification should be regulated through legislation, otherwise the orderly development of electronic certification cannot be guaranteed. Two, the risks faced by electronic authentication will lead to the responsibility of the certification body, because the certification body may cause losses to the certificate holder or certificate client in some occasions. 3. As a new type of credit service subject with important value in the field of e-commerce, certification bodies will face many practical or potential practice risks. Four, the service standards or technical standards that electronic authentication should meet should be standardized and improved accordingly, so as to truly achieve the purpose and value of ensuring the security of electronic transactions. Based on these legal problems, the author believes that electronic authentication, as an important means to ensure the security of online transactions and the credit system of electronic transactions, should occupy its due position in the future e-commerce legislation.
Three. Comments on China's Electronic Signature Law and Administrative Measures for Electronic Authentication Services
On August 28th, 2004, the 11th meeting of the 10th the National People's Congress Standing Committee (NPCSC) voted and passed the Electronic Signature Law. As an important supporting regulation of the Electronic Signature Law, the Measures for the Administration of Electronic Certification Services was also issued in the form of a ministerial order of the Ministry of Information Industry on February 8, 2005. On April 1 2005, the Electronic Signature Law was officially implemented, and its supporting department regulations, the Administrative Measures for Electronic Certification Services, were implemented at the same time. This means a new beginning in the development of informatization in China, because from this day on, informatization in China will bid farewell to the past history. Some experts believe that this will play an extremely important role in promoting the development of e-commerce and e-government in China.
Electronic Signature Law is the first law in the field of informatization in China. In a sense, "Electronic Signature Law" opened the legislative prelude of the era of information digitalization. [7] "Electronic Signature Law" is divided into five chapters and 36 articles, which adopts "technology neutrality" (technically
The legislative principle of neutrality is forward-looking and inclusive. Considering that the relative stability of law should not be affected by technological progress, it also leaves legal space for the application of new technologies in the future. According to the law, we can see that the main purpose of the legislation of this law includes two aspects: first, standardize the behavior of electronic signature, establish the legal effect of electronic signature, and safeguard the legitimate rights and interests of all parties to the transaction; The second is to promote the development of e-commerce and e-government and enhance the security of electronic transactions. The author thinks that the Electronic Signature Law mainly solves the following five problems: (1) establishes the legal effect of electronic signature; (2) standardize the electronic signature behavior; (3) The security measures of electronic signature are stipulated; (four) to clarify the legal status and certification procedures of certification bodies, and set the market access conditions and administrative licensing procedures for certification bodies; (5) It is clear that the main body of administrative licensing of certification bodies is the competent department of information industry in the State Council.
On the surface, the Measures for the Administration of Electronic Certification Services is only a departmental regulation, but because it is specially authorized by national laws, it is different from the general departmental regulations and has important legal effect and function. The Measures for the Administration of Electronic Authentication Services are divided into 8 chapters and 43 articles, based on Article 25 of the Electronic Signature Law: "The competent department of information industry in the State Council shall formulate specific measures for the administration of electronic authentication services in accordance with this Law and supervise and manage electronic authentication service providers according to law." The author believes that the formulation and implementation of the Administrative Measures for Electronic Certification Services has important practical significance, mainly in three aspects: (1) Because China's electronic certification service industry is still in its infancy, the conditions for relying on market guidance and industry self-discipline are not yet available, it is necessary for government departments to implement appropriate supervision and management of electronic certification institutions; (2) How to properly supervise government departments needs to be explored in practice, but relevant laws can only be promulgated after the conditions are fully mature. Only in this way can we ensure the smooth implementation of the electronic signature law; (3) From the reality, before the promulgation of the Electronic Signature Law, there were many different types of certification bodies engaged in electronic certification services in China. These institutions generally have the problem of "three noes" without legal provisions, standards and norms and competent departments, and they also need the norms of relevant laws.
At present, China's electronic signature and electronic authentication are still in the early stage of development, so many problems will inevitably be exposed in legal practice. It is far from enough to rely solely on the Electronic Signature Law and the Administrative Measures for Electronic Certification Services. The lack of other relevant laws and regulations will inevitably pose legal obstacles to the development of e-commerce in China. Therefore, the author believes that the improvement of China's e-commerce legal system should focus on the following aspects: the protection of network privacy, the protection of consumers' rights and interests in e-commerce, electronic payment, information security, e-commerce taxation, intellectual property rights and related procedural legal issues.
Still not comprehensive. You should consult a lawyer.