Tuesday, November 1st, 2022

Buggy Law 7: eIDAS Urgent Amendments

Can legislation have bugs? That is, can it contain “errors or imperfections that reduce reliability, performance, or user experience” – just like bugs do in computer software? In a series of posts we have examined eIDAS, the EU law that controls online identification and online signatures for the public sector in all EU states. It is time for some action.

One major problem we have found with eIDAS, in theory and practice, is the lack of transparency. From a signatory's point of view (a signatory is a person who signs something), essential elements are hidden from view or go unexplained.

Compare this to EU law concerning cookies in web browsers, the ePrivacy Directive. Every web site, in the name of transparency, has to ask for permission to set cookies – to the extent that it has become a nuisance. On the other hand, users signing legally binding documents may be kept in the dark about what goes on under the hood. In some cases they are not even allowed access to what they signed. eIDAS does not prevent such abuse.

As a minimum, amendments to eIDAS are required – urgently. We assume lawmakers will show that they grasp their subject by changing terminology from “electronic” to “digital”. Our proposals follow as itemized text.

  • Procedures for digital identification and for making digital signatures shall be transparent to signatories. The significance of each non-trivial process step shall be made clear to signatories before being carried out.

Some aspects of transparency need to be spelled out in more detail. Here are specific items.

  1. A document to be signed digitally shall be explicitly defined, and be freely accessible to the signatory before signing.
  2. A document that has been digitally signed, including its signatures, shall be freely accessible to any and all of its signatories for no less than 30 days.

If you didn’t read the first posts in this series you may not realise that these simple elements of common decency are currently violated on a large scale.

The supposedly most secure digital signature in the eIDAS inventory is the qualified signature. Its main weakness is that there is no cryptographically assured link from the signature back to the signatory, seemingly missing the main point about signatures.

One step in a qualified signature is an additional identification of the signatory. This identification is then taken as an authorization to have a signature robot sign for the signatory – without telling the signatory. One more transparency item is needed.

  1. Digital identification of a signatory, by itself, cannot be claimed as authorization for any action on behalf of the signatory. If identification implies any kind of authorization, this shall be clearly communicated before identification takes place.

For a typical qualified signature, here is a suggestion for a text to be presented to the signatory.

Are you willing to let a signature robot sign in your place and then to take full responsibility for the document so signed? To confirm, please identify; otherwise cancel.

Presenting such a text is a matter of decency. It does not improve the quality of the signature.

Besides transparency, an amendment is needed for trust services.

  • A trust service may not be used in transactions where its provider has a stake. If it is used in such a transaction, the trust it confers shall be null and void.

Hundreds of millions of euros are being invested in eIDAS-compliant infrastructure. The mistakes inherent in eIDAS are being cemented and projected onto the EU population on a grand scale until this law is amended.

To a large extent, eIDAS is about computer software. In the next post we will view eIDAS as a software development project and compare it to the state of the art in software engineering.


Comments are closed due to the spam factor. You may respond by email to blog AT soderstrom DOT se
