Today and future applications of eSignature in Europe

1
Today and future applications of eSignature in
Europe

Stig Aga Aandstad European Commission
Miedzyzdroje, 1 June 2005

• What we know..
• Success factors?
• EU status and actions

2
Prerequisites

• Prerequisites We have....
• A legal framework?
• Technologies?
• Issue understanding?
• Prerequisites We know the need...
• Enabling technology for a range of services
• eGovernment
• Free movement (four freedoms in the digital age)
• Information Space
• ...and a lot more
• ... But also PKI is not the single possible
  solution

3
Are we forgetting possible success factors?

• Simplicity Occam's razor on usage
• Usability including inclusion and
  accessibility
• Common standards (yet diversity) including
  interface standards
• Consumer confidence trust, privacy
• European scope
• Seamlessness - system integration
• Sufficient security

4
Simplicity and usability

• The users choose the usage
• ...in an interplay with what is made available on
  the market and legal regulation
• The street finds its own uses
• The lesson of PIN-codes and credit cards online
  Best combination of trust, being recognisable and
  simplicity
• The danger of PKI The perfect might become the
  enemy of the good

5
Common Standards

• Interoperability
• Major concern in new European strategy i2010
• 20 passwords today how many PKI-logons, cards
  or devices in the future?
• Safeguard competition, avoid lock-ins on key
  technologies and dominance of market vertical
  or horizontal
• Allow for innovation to allow the street to
  find its uses (remember the web)

6
Consumer acceptance

• Trust and privacy
• rising as major concerns among consumers and
  consumer organisations
• i2010 Privacy enhancing technologies a priority
• Two examples of PKI use
• In some DRMs As a complete monitoring tool,
  identifying users and tracking their behaviour.
• Result Consumer protests, legal markets loose
  out to greyzone
• In TOR As a means of securing privacy on the
  web, making private browsing possible
• No big commercial use, only governmental, but
  sets an example
• Anonymous resolutions... Minimum ids...

7
eEuropan scope

• Pan-European services
• ...
• Building nation specific solutions might create
  long-term problems
• A few vital services need to be interoperable
  across Europe to ensure internal market in the
  digital area (the information space
• To secure the four freedoms...
• (e.g. Health cards, id cards, declarations of
  various goods and services...)
• To ensure a larger audience and market in itself

8
Seamlessness

• To avoid jump-off points in the processing
• If interoperability is not seamless, interaction
  is not seamless, users will jump off
• The click-through rule-of-thumb 30 user loss
  per extra click to achieve one function in an
  online service
• Perception As a natural ingredient in the
  activity being done by the user, or as an
  (near-)invisible function in an integrated system
• System agnosticism Business, web, web-service
  less important than service (convergence made
  real)
• Not show how it is done but what

9
Sufficient security

• Security is the foundation
• The old balance Sufficient to be efficient

10
Success A multitude of services, secure and
usable
11
eEurope and Lisbon

• From eEurope 2005 to i2010...
• Shall provide the political chapeau for
  activities on...
• the regulatory framework (including relevant
  legal and regulatory questions outside the
  communications area),
• the audiovisual and media sectors...
• ...and for research and innovation in relevant
  areas
• Reinforce the contribution of ICT to Europes
  performance...
• Creating a favourable environment for
  competitiveness and growth...
• Increase the welfare of European citizens through
  increased use of ICT...
• broadened scope all electronic communications,
  services and media sectors
• Setting the targets and benchmarking performance

12
Launch i2010, 1 June 2005

• A Single European Information Space
• Innovation and investment in research
• Inclusion, better public services and quality of
  life

13
1. A single information space

• A Single European Information Space offering
  affordable and secure high bandwidth
  communications, rich and diverse content and
  digital services.
• Challenges
• Speed, rich content, interoperability, security
• Actions
• Review electronic communications framework,
  modernising legal framework for audiovisual,
  European content support, strategy for secure
  European Information Society targeted actions on
  interoperability (especially DRM)

14
2. Innovation and investment in research

• World class performance in research and
  innovation in ICT by closing the gap with
  Europes leading competitors
• Actions
• Research increase prioritise for ICT, launch
  bottleneck-solving initiatives measures to
  encourage private investments
• eBusiness policies barrier removing
• Support tools for new patterns of work

15
3. Inclusion, better public services and quality
of life

• An Information Society that is inclusive,
  provides high quality public services and
  promotes quality of life.
• Actions
• Policy guidance on eAccessibility and broadband
  coverage eInclusion initiative proposal, Action
  plan on eGovt demonstrator projects three
  flagship initiatives on Quality of Life-ICT

16
Status of the eSig-directive and report

• Directive implemented in all countries
• No formal review procedures yet
• Status report currently in internal processes
• No current plans of directive revision for the
  moment

17
...status of eSig-directive

• Implementation might not always be uniform in
  detail
• Some countries might be very specific, beyond the
  scope of the directive, others more general
• The actual legal validity of using certificates
  in different countries (cross-border) is not
  investigated yet
• Areas not covered that cause problems
• Like time-stamps/storage, key escrow....
• Liability - especially when private PKI is
  licensed by government and use is
  transborder/private

18
Reality use

• eGov and Internet banking dominates
• Private sector PKI was expected to be bigger, but
  eGovernment is
• Banking often use one-time pads etc
• No big PKI in normal use, but plenty small,
  functional applications
• No real transborder operations
• Some transborder eID compatibility, but their
  applications are single-country
• Smart card, m-payments..
• A migration to EMV, reduced gaps in approach
  between US, Europe Japan

19
Actions and research

• EC
• Focus on eGovernment PKI now
• All levels of eSig covered by directive is
  promoted
• Several research areas in the Framework Programs
• PKI Challenge, NESSIE, DIGISEC security
  programs, biometric programs...
• Support for standardisation work EESSI
  (CEN/ISSS, ETSI), the 12 working groups, OSCIE,
  FINREAD...
• ENISA

20
On the web

• http//www.europa.eu.int/eeurope