Friday, October 28th, 2022

Buggy Law 6: eIDAS and Terminology

Can legislation have bugs? That is, can it contain “errors or imperfections that reduce reliability, performance, or user experience” – just like bugs do in computer software? In a series of posts we have found flaws of commission and omission in eIDAS, the EU law that controls online identification and online signatures for the public sector in all EU states. Now it’s time for terminology.

In this series we have highlighted questionable aspects of the EU regulation usually called “eIDAS” that controls online identification, online signatures, and several other online services for the public sector. It applies from 1 July 2016 in all EU member states. Its text consists of 77 recital items (short statements showing the reason for the existence of this law, some of which actually are nothing but sales pitch) and an operative part which is divided into 52 articles, 42 pages in all.

42 pages is a considerable amount of text. Much of it specifies the behaviour of computer software but is not written by professional programmers or people familiar with computer science.

eIDAS is the sequel to a ground-breaking directive issued in 1999, a piece of law that made “electronic signatures” legally valid in the EU. It did so tersely, in only 9 pages.

The 1999 lawmakers may be forgiven for using the word “electronic”. They were entering untrodden territory. However, conceptually there is nothing “electronic” about online identification and online signatures, absolutely nothing.

As a comparison, we have had music, and later video, distributed on CD and DVD. Those disks are basically pieces of plastic with embedded layers of metal. Music on a CD was never called “plastic music” just because it was carried by a piece of plastic. The term “electronic music” exists, but does not refer to music from a streaming service. No one has had to explain that the music, or the video, was the main thing, not the stuff used to carry them. The term “digital media” rapidly emerged in everyday vocabulary.

Online identification and online signatures likewise are digital in nature. They are concerned with digital messages. These messages may be carried by electronics, but also, for instance, by a CD. They may even be printed on paper without losing validity. Signatures do not morph into “plastic signatures” or “paper signatures” when the carrier is not electronic. They are invariably digital.

As the 1999 directive was repealed after 15 years, the terminology could have been corrected. Quite to the contrary, eIDAS uses the word “electronic” 357 times. Everyone is a mistake. A tiny mistake, you may object. Indeed, but making 357 slight mistakes in a single piece of legislation sows a seed of doubt. Do lawmakers have sufficient insight into their subject matter?

Up to this point we have discussed weaknesses in eIDAS. The next post will offer urgently needed amendments to this legislation.

Link to all posts in this series

Comments are closed due to the spam factor. You may respond by email to blog AT soderstrom DOT se

Comments are closed.