
D3.2: A study on PKI and biometrics

Legal aspects of
Title: LEGAL PROVISIONS ON THE USE OF PSEUDONYMS FOR ELECTRONIC SIGNATURES
Case Study: Mobile Signatures


Legal Provisions on the use of Pseudonyms for Electronic Signatures

 

I. Legal provisions on (online) Anonymity - Pseudonymity on a European level

 

Directive 95/46/EC on processing of personal data defines “personal data” as “any information relating to an identified or identifiable natural person (“data subject”)”.

 

An “identifiable person” is defined as “one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity”.

 

The Directive is not applicable to anonymised data. Recital 26 of the Directive’s preamble explicitly states that “the principles of protection shall not apply to data rendered anonymous in such a way that the data subject is no longer identifiable.” Recital 26 also explains that “to determine whether a person is identifiable, account should be taken of all the means likely reasonably to be used by the controller or by any other person to identify the said person”.

 

At first sight, recital 26 seems to be univocal. When the EU Directive was transposed into Belgian law, a very radical stand was put forward on the basis of this recital. This radical interpretation of the notion of identifiability in the EU Directive, which was followed in the explanatory memorandum of the Belgian privacy law, has not been adopted in other EU Member States. Most of them took the view that data had no connection with an identifiable person if the controller (i.e. the person responsible for the processing of the personal data) could not retrieve the identity of the person without unreasonable effort. In such a case, those data were not considered personal data as far as the controller was concerned. Consequently, from a legal point of view, the notion of anonymity is generally limited to the impossibility of identifying a natural person with reasonable means.

Pseudonymity is a way to be pseudo- or fully anonymous. In the event of pseudo-anonymity, the pseudonym is an identifier that does not reveal one’s identity at first but is indirectly sufficient to associate the transaction or the communication with the particular human being who uses the fictitious name (which makes the Directive on processing of personal data applicable). In case of real or full anonymity, the pseudonym cannot be linked to any form of identity knowledge at all and consequently, this directive is not applicable.

 

Directive 1999/93/EC recognises the right to use pseudonyms in its article 8 (3): “Without prejudice to the legal effect given to pseudonyms under national law, Member States shall not prevent certification service providers from indicating in the certificate a pseudonym instead of the signatory’s name.” This is confirmed in annex I where it is stated that a qualified certificate must contain, besides other requirements, “the name of the signatory or a pseudonym, which shall be identified as such”.

 

Directive 2000/31/EC (i.e. the directive on e-commerce) does not intend to prevent the anonymous use of open networks such as the Internet.

 

Directive 2002/58/EC (i.e. the directive on privacy and electronic communications) acknowledges expressly the right to anonymous communications.

 

Recital 9 stresses the need for Member States to take particular account of the objectives of minimising the processing of personal data and of using anonymous or pseudonymous data where possible.

Recital 33 states that Member States should encourage the development of electronic communication service options such as alternative payment facilities which allow anonymous or strictly private access to publicly available electronic communications services, for example calling cards and facilities for payment by credit card. 

An important provision in this Directive is that the practice of sending electronic mail for purposes of direct marketing while disguising or concealing the identity of the sender on whose behalf the communication is made, or without a valid address to which the recipient may send a request that such communication cease, has to be prohibited by the EU Member States’ legislation.

The scope of this contribution, within FIDIS deliverable D3.2, is limited to the background of the legal provisions on the use of pseudonyms for electronic signatures, i.e. the background of the above mentioned article 8 of Directive 1999/93/EC. Consequently, we will not elaborate on the legal aspects of the general use of “anonymity” and “pseudonymity” in an online context (e.g. contractual and criminal liability of anonymous service providers), nor apply them to specific situations, such as anonymous connections, e-mail, publishing, browsing, payments, voting or auctions.

 

II. Background of article 8,3° of Directive 1999/93/EC

1. Legitimacy of the use of on-line anonymity / pseudonymity in a European context

In Europe, the use of on-line anonymity has been examined by EU Data Protection Working Party and has led to a recommendation on this issue. The Working Party points out a number of legitimate situations for anonymous online communications (e.g. a victim of a sexual offence seeking help or wanting to share his/her experiences with others, political dissidents subject to a totalitarian regime wishing to express their opposition to the political system, etc.). It concludes that the need for anonymity goes much further than those specific cases and that the very existence of identifiable transactional data creates means through which individual behaviour can be surveyed and monitored to a degree that has never been possible before.

In a working document of 21 November 2000, the Working Party explains that the ability to choose to remain anonymous – and consequently to have anonymous access to the internet – is essential if individuals are to preserve the same protection for their privacy on-line as they currently enjoy off-line. It is striking that, even after the events of 11 September 2001, the EU Data Protection Working Party has reaffirmed the need for using on-line anonymity and pseudonymity in its recent working document on on-line authentication systems. Likewise, the Council of Europe promotes the use of on-line anonymity as a tool for effective protection of the fundamental right to on-line privacy. On 28 May 2003 the Council of Europe adopted a Declaration on Freedom of Communication on the Internet.

Principle 7 of this Declaration relates to anonymity and is formulated as follows: “In order to ensure protection against online surveillance and to enhance the free expression of information and ideas, member states should respect the will of users of the internet not to disclose their identity. This does not prevent member states from taking measures and co-operating in order to trace those responsible for criminal acts, in accordance with national law, the Convention for the protection of Human Rights and Fundamental Freedoms and other international agreements in the fields of justice and the police.”

 

The use of anonymity can be legitimate as a tool to protect effectively the fundamental right to privacy and the fundamental freedom of expression. In addition, the use of anonymity can be legitimate in specific situations to protect the possibly threatened interests of the user when completing certain legal acts. Finally, anonymity can be used to protect the interests of a party in a contractual environment. On the other hand, there is a broad consensus that absolute anonymity is not appropriate in all circumstances. Restrictions on the use of anonymity could be justified both from a public law perspective (protecting public interests, for instance protection of national security, territorial integrity, public safety, crime prevention, etc.) and from a private law perspective (mainly for accountability reasons). In order to reconcile the right to anonymity and the necessary limitations on this right, several solutions for “controlled anonymity” are being proposed. One example is “trustee-controlled conditional anonymity”, whereby a previously anonymous individual can be identified only with the help of a trusted third party. The anonymity should only be revoked in specific circumstances, and when it is legally authorised. Revocation should technically only be possible with the help of the trustee.

With a view to facing the possibly increased use of on-line anonymity, to avoid misuse of on-line anonymity and to develop its fair use, governments should be urged to refine on-line anonymity in narrowly tailored regulations. Given the variety of contexts within which anonymity can be used, regulations on the use of anonymity, possibly supported by self-regulation initiatives, should be specified in terms of their scope of application – namely in which situations on-line anonymity is allowed or not allowed – and in terms of types or degrees of anonymity – namely the modalities of conditional or revocable anonymity vs. unconditional or irrevocable anonymity.

Article 8,3° and annex I of Directive 1999/93 can be seen as a (first) attempt of the European legislator to organise legitimate but controlled anonymity, as it provides that “certification service providers cannot be prevented from indicating in the certificate a pseudonym instead of the signatory’s name” and that the name or pseudonym should be identified as such.

2. Origin, meaning and legal consequences of article 8,3° Directive 1999/93/EC

a. Origin of Directive 1999/93/EC

This directive is the result of a long legislative process, which started in the mid-nineties. One of the barriers for a generalised use of digital signatures was the lack of generally recognised standards. At the European level, the challenge was first taken up by ETSI, with a first report on the requirements for trusted third parties (“certification authorities”) in 1997. Meanwhile, draft national legislation on digital signatures was introduced in some EU Member States. On 22 July 1997 the German Bundestag approved the “Signaturgesetz”. The law offered an administrative framework within which people could make use of digital signatures in a secure manner. Around the same period, legislation on digital signatures was also enacted in Italy. As soon as the first drafts of the national laws in Germany and Italy became public and given the fact that other Member States (such as the UK, Belgium, France, the Netherlands, Denmark and Spain) also started legislative initiatives, or at least called for consultation papers on this subject, the European Commission started seriously to worry about the internal market effects of these legislative initiatives.

Consequently, after having published two communications on the subject, the European Commission started to draft a proposal for a directive. The first draft directive was put forward on 13 May 1998, but the first attempt to achieve a political agreement collapsed because of a disagreement between Member States, which was due to a misunderstanding about the concept of digital signatures, about the difference between legal rules and standards and about the basic principles behind the German “Signaturgesetz” (which served as a model for the proposal, jointly with the United Nations UNCITRAL model law on Electronic Signatures).

In April 1999 the European Parliament issued its opinion in first reading on the directive proposal. A few weeks later, the Council came to a common position. The recommendation for second reading of the European Parliament was delivered in October 1999. The directive was finally signed on 13 December 1999 and published in the Official Journal of 19 January 2000. Starting from that date, the Member States had 18 months to transpose the Directive into their national law. 

 

b. Origin and significance of article 8,3° of Directive 1999/93/EC

The original directive proposal contained the following provision on the use of pseudonyms in its article 8 and annex 1:

 

“[…] 3. Member States shall ensure that, at the signatory’s request, the certification service provider indicates in the certificate a pseudonym instead of the signatory’s name.

 

4. Member States shall ensure that, in the case of persons using pseudonyms, the certification service provider shall transmit the data concerning the identity of those persons to public authorities on request and with the consent of the data subject. Where according to national law the transfer of the data revealing the identity of the data subject is necessary for the investigation of criminal offences relating to the use of electronic signatures under a pseudonym, the transfer shall be recorded and the data subject informed of the transfer of the data relating to him as soon as possible after the investigation has been completed.”

 

Annex I: “[…] (b) the unmistakable name of the holder or an unmistakable pseudonym which shall be identified as such.”

 

Recital 13 of the preamble makes clear what was meant with these provisions, namely to ensure user confidence in electronic communication and e-commerce by: 

 

  • Obliging certification service providers to respect data protection legislation and individual privacy 

  • Obliging them to provide certification services also for pseudonyms at the request of the signatory 

  • Laying down in national law if and under what conditions the data revealing the identity of the data subject must be transferred for investigation of criminal offences 

  • Confirming that certification service providers should inform users in advance of their conditions, in particular regarding the precise use of their certificates and limitations of their liability, in writing and in readily understandable language and using a durable means of communication 

 

In its opinion in first reading, the European Commission suggested more than 30 amendments on the directive proposal. Two of them are relevant for the discussion here.

With amendment 26, the European Parliament proposed to add an additional sentence stating that “Certification Service Providers are allowed to indicate in a certificate a pseudonym provided that this is permitted by national legislation in non-electronic commercial relations.”

The European Parliament explained that there are no general rules on pseudonyms for off-line transactions because there is no need for such provisions in off-line transactions and that in principle, consumers can choose to remain anonymous. With this amendment, the European Parliament wanted to establish a necessary tool providing for the possibility to do on-line transactions in the same way as off-line. Nevertheless, this amendment has been rejected by the European Commission, because it would cause implementation problems.

With amendment 27, the European Parliament proposed to add and leave out some parts of article 8,4° directive proposal:

 

“4. Member States shall ensure that, in the case of persons using pseudonyms, the certification service provider shall transmit the data concerning the identity of those persons to public authorities on request and with the consent of the data subject. Where, in line with Directive 95/46/EC according to national law the transfer of the data revealing the identity of the data subject / signatory to public authorities is necessary for the investigation of criminal offences relating to the use of electronic signatures under with a pseudonym certificates or necessary for legal claims related to transactions done by using electronic signatures with pseudonym certificates, the transfer shall be recorded and the data subject informed of the transfer of the data relating to him as soon as possible after the investigation has been completed.” (Left out: strikethrough, added: underlined)

 

Although the European Commission had accepted this amendment, neither the amended text nor the original text has become part of the directive. Apparently, the accepted version was part of the compromise reached by the Council in April 1999, as reformulated in the text of 28 June 1999. The reformulated text left out the above mentioned recital 13 entirely and replaced it by recital 25: “Whereas provisions on the use of pseudonyms in certificates should not prevent Member States from requiring identification of persons pursuant to Community or national law.” Furthermore, it also changed article 8,3° and 8,4° by (1) incorporating them into one paragraph and (2) – radically – changing the content of the article: “[…] 3° Without prejudice to the legal effect given to pseudonyms under national law, Member States shall not prevent certification service providers from indicating in the certificate a pseudonym instead of the signatory’s name.” In addition, the corresponding paragraph of annex I (slightly) changed into “(c) the name of the signatory or a pseudonym, which shall be identified as such.”

 

c. Significance of article 8,3° Directive 1999/93/EC?

A good way to understand what the European legislator has intended with this provision is to ask why the former versions and amendments have not been accepted: From a comparison between amendment 26 of the European Parliament and the final text of the directive, it can be concluded that the European legislator wanted to make sure that Member States would not prevent certification service providers from allowing a pseudonym in the certificate, even if the respective national law of the Member State does not provide an equivalent for “off-line” situations, in order to avoid implementation problems. From a comparison between (a) the texts which have not been adopted (namely: article 8,3° and 8,4° directive proposal; the 4 “action points” in recital 13 directive proposal; and the above mentioned EP amendment 27) and (b) the final version of article 8,3° as it was motivated by the Council, the following conclusions can be drawn. The European legislator wanted:

 

  1. To make sure that Member States would not prevent certification service providers from indicating pseudonyms in the certificate (recital 13 directive proposal and article 8,3° Directive 1999/93/EC). 

  2. To leave the choice to give legal effect to pseudonyms or not to the Member States (article 8,3° Directive 1999/93/EC). This is not surprising, as recital 17 of Directive 1999/93/EC states that the directive does not seek to harmonise national rules concerning contract law, particularly the formation and performance of contracts, or other formalities of a non-contractual nature concerning signatures. The Directive wants to contribute to the use and legal recognition of electronic signatures within the Community (recital 16).

  3. To leave the possibility to indicate a pseudonym in the certificate to the mere situation when the signatory requests it (recital 13 directive proposal and article 8,3° of the directive).  

  4. Not to restrict the authorisation of the transmission of information concerning the identity of persons using pseudonyms to the case of a criminal investigation or court proceedings.  

Both the original text of article 8,4° as EP amendment number 27 proposed to provide with the possibility to transfer data concerning the identity of the data subject / signatory to public authorities, for the investigation of criminal offences.

It appears from the motivation of the adopted text, as proposed by the Council, that such a restriction might involve the risk of encouraging the illegal use of electronic communications.

This rule has been “formalised” in recital 25 of Directive 1999/93/EC, which states that the provisions on the use of pseudonyms in certificates should not prevent Member States from requiring information of persons pursuant to Community or national law. 

  5. To oblige certification service providers to communicate their (general) conditions to the signatory (recital 13 of the directive proposal and article 8,3° directive).  

  6. To ensure that a certification service provider could indicate in a qualified certificate limitations on the use of that certificate or on the value of transactions for which the certificate can be used, provided that the limitations are recognisable to third parties.

Consequently, it does not matter in which way these limitations are made clear (e.g. in writing or using a durable means of communication), provided that they are recognisable, not only to the users but to third parties in general.  

 

d. Legal consequences: Specific liability rules concerning the certification service provider issuing pseudonymous certificates

Article 8,3° Directive 1999/93/EC does not affect the contractual relationship between certification service providers and the recipient of a certificate nor the relationship between the certification providers and public authorities.

The following aspects regarding the specific liability regime should be considered:

 

  • A service provider issuing a (pseudonymous) certificate is liable for the damage resulting from the inaccuracy and incompleteness of information contained in the qualified certificate at the time of the issuance of the certificate. Indeed, one cannot reasonably expect that the certificate service provider would permanently verify the accuracy of the information. This is a responsibility of the recipient of the certificate, who possibly might have to revoke the certificate.

  • A service provider issuing a (pseudonymous) certificate should also guarantee that the recipient of the certificate holds, at the time of the issuance of the certificate, the signature-creation data corresponding to the signature verification data given in the certificate. If the certification service provider generates both, he should assure that they can be used in a complementary manner.  

  • Finally a service provider issuing a (pseudonymous) certificate should ensure that the date and time of revocation of the certificate are accurately registered.  

 

The certification service provider is liable for damage caused by non-compliance with the above mentioned obligations, unless the certification service provider proves that he has not acted negligently. It could be envisaged, for instance, that the certificate service provider registered the revocation of a certificate in a register accessible on his website, but that third parties had no access to the website for a reason outside the control of the certification service provider. 

The certificate service provider can limit his liability on two grounds, namely by indicating in a qualified certificate limitations on 1) the use of that certificate or 2) the value of transactions for which the certificate can be used, provided that the limitations are recognisable to third parties. 

 

Firstly, the basic elements of the economic theory on the diffusion of innovations will be presented, and then its applicability to electronic signatures will be discussed. 

 

Economic Theory

Rogers defines diffusion as “the process in which an innovation is communicated through certain channels over time among the members of a social system” and as a “special type of communication, in that the messages are concerned with new ideas” [ROG03]. An innovation is defined as an “idea, practice, or object perceived as new by an individual or other unit of adoption” [ROG03]. Five attributes of innovations, as perceived by the members of the social system, determine its rate of adoption:

 

  1. Relative advantage: is the degree to which an innovation is perceived as better than the idea it supersedes. It is not so important whether the innovation has an objective advantage, but rather whether the individual perceives the innovation as advantageous. Advantages can be measured in economic terms, but social prestige, convenience, and satisfaction can also play an important role.

  2. Compatibility: is the degree to which an innovation is perceived as being consistent with the existing values, past experiences, and needs of potential adopters. An innovation that is consistent with the existing values will diffuse more rapidly than one that is incompatible with the norms and values of the social system.

  3. Complexity: is the degree to which an innovation is perceived as difficult to understand and use. Innovations that are easier to understand will be adopted more rapidly than those that require the adopter to develop new skills and understandings.

  4. Trialability: is the degree to which an innovation may be experimented with on a limited basis. New ideas that can be tried before the potential adopter has to make a significant investment in the innovation are adopted more quickly.

  5. Observability: is the degree to which the results of an innovation are visible to others. The easier it is for individuals to observe the results of an innovation, the more likely they are to adopt it. [ROG03]

 

The innovation-decision process

The innovation-decision process is “the process through which an individual passes from gaining initial knowledge of an innovation, to forming an attitude toward the innovation, to making a decision to adopt or reject, to implementation of the new idea, and to confirmation of this decision.” [ROG03]


Figure 3‑: Model of the five stages in the innovation-decision process [ROG03]

 

A model of the innovation-decision process is illustrated in the figure above. In this model the process consists of five stages [ROG03]:

 

  1. Knowledge: occurs when a potential adopter is exposed to the existence of an innovation and achieves an understanding of its functionality. In this stage, mass communication channels play a larger role than in later stages of the innovation-decision process.

  2. Persuasion: is the stage in which an individual forms a favourable or unfavourable attitude towards the innovation. In this stage the attributes, as perceived by the individual, play a major role. Also, interpersonal channels are relatively more important at this stage than mass media channels.

  3. Decision: is the stage in which an individual takes steps to make a choice to adopt or to reject the innovation.

  4. Implementation: deciding to adopt an innovation is one thing; implementation takes place when an individual actually puts the innovation into use. In the implementation stage, when the innovation is put to use, problems might occur regarding exactly how to use the innovation.

  5. Confirmation: occurs when an individual seeks reinforcement of an innovation-decision. It is possible that the individual changes the decision if confronted with conflicting messages about the innovation.

 

Adopter categories

Adopters can be classified into five categories based on their degree of innovativeness. The figure below shows the normal frequency distribution and the approximate percentages of the individuals included in each category [ROG03].

 


Figure 3‑: Adopter categorisation on the basis of innovativeness [ROG03]

 

Innovators: Innovators play an important role in the diffusion process. They launch a new idea within the social system by importing an idea from outside of the system boundaries. However, innovators might not be respected by other members of the social system. Innovators need the ability to understand and apply complex technical knowledge and must be able to cope with a high degree of uncertainty about an innovation at the time of adoption.

 

Early adopters: Early adopters are more integrated in the social system than innovators. This adopter category has the biggest influence and degree of opinion leadership within the system. Potential adopters look at early adopters for advice and information about an innovation. Therefore, early adopters help trigger the critical mass when they adopt an innovation.

 

Early majority: The early majority adopts innovation before the average members of a system. They do not possess a position of opinion leadership in the system, but interact with a lot of members of the social system. They are not the first to adopt an innovation, but follow with a deliberate willingness.

 

Late majority: The late majority adopts an innovation after the average member of the system. They approach innovations sceptically and cautiously and adoption results because of economic necessity or increasing peer pressure.

 

Laggards: Laggards are the last members of a system to adopt. They possess almost no opinion leadership.

 

Interactive innovations and network effects

An interactive innovation is an innovation that is of little use to an adopting individual unless other individuals with whom the adopter wants to communicate also adopt it. Thus a critical mass of individuals has to adopt the innovation before it is of use to the average member of the system [ROG03]. The individuals who have adopted an innovation form a network, and with each new member the overall value of the network increases [SV98]. This fundamental value proposition is called network effects, network externalities, or demand-side economies of scale [SV98]. Until a critical mass occurs in the diffusion process the rate of adoption is relatively slow [Fi92]. After the critical mass is achieved the rate of adoption accelerates and leads to a take-off in the adoption curve [ROG03].  

 

Rate of Adoption of Qualified Electronic Signatures

Having presented the basic elements of the economic theory on the diffusion of innovations, we now take a look at qualified electronic signatures and their attributes related to their rate of adoption. As stated above, the individual perception of the attributes is the important factor and not the “objective” value of the attributes. Therefore, we try to take educated guesses on how the innovation will be perceived by potential adopters. 

 

Relative advantage

In this case there are two ideas being superseded: handwritten signatures and electronic transactions without signatures. Qualified electronic signatures enable users to conclude legally binding contracts, at any time, with relying parties that are physically at a different location, by communicating over the internet. However, the user is forced to make these transactions at his PC using his signature card and card reader. So while the location of the relying party becomes unimportant, the location of the user making the transaction is fixed. Therefore, qualified electronic signatures will be a supplement to handwritten signatures (when conducting transactions over the internet) and not a substitute. The perceived relative advantage will most likely be the freedom of choice with whom to conduct business, the time independence and the possibility to conduct business at home instead of the necessity to show up at a specific location, as for example in dealing with public administration.

 

In superseding electronic transactions without signatures, qualified electronic signatures take the role of a preventive innovation. Preventive innovations are ideas that are adopted by an individual at one point in time in order to lower the probability that some future unwanted event will occur [ROG03]. Preventive innovations usually have a very slow rate of adoption, because the unwanted event might not happen even without the adoption of the innovation. Therefore, the relative advantage is not very clear cut. Furthermore, qualified electronic signatures can only be used if they are accepted by the relying party. Therefore, the relative advantage is dependent on the size of the network of accepting parties, increasing the network effects described above.  

 

| Application | Private customers: Costs | Private customers: Benefits | Companies: Costs | Companies: Benefits | Public administration: Costs | Public administration: Benefits |
|---|---|---|---|---|---|---|
| Electronic bid invitations | | | ■ | ■ | | ■ |
| Electronic tax declaration | ■ | | ■ | | | ■ |
| Access to public archives | ■ | | ■ | ■ | | ■ |
| Electronic elections | ■ | | | | | ■ |
| Application for public documents | ■ | | | | | ■ |
| Notifying change of residence | ■ | | | | | ■ |
| Electronic dunning procedures | | | ■ | ■ | | ■ |
| Electronic marketplaces | ■ | ■ | ■ | ■ | ■ | ■ |
| Automated orderings | | | ■ | ■ | ■ | ■ |
| Online-Banking | ■ | | ■ | ■ | ■ | |
| Alteration of contracts online | ■ | | | ■ | | |
| Electronic billing | | | ■ | ■ | | |
| Archiving | | | ■ | ■ | ■ | ■ |
| Total | 10 | | | | | |


Table 3‑: Distribution of costs and benefits of qualified electronic signatures [LR05]

 

In order to determine the relative advantage perceived by potential adopters, it is important to take a look at the costs and benefits of qualified electronic signatures. The table above provides an overview of the distribution of costs and benefits.

 

| Trust centre | Issue of a certificate | Basic fee per year | Sum of a 2-year usage |
|---|---|---|---|
| D-Trust GmbH | 41 € | 29 € | 99 € |
| Deutsche Post Signtrust | 0 € | 39 € | 78 € |
| TC Trust Centre | 8 € | 62 € | 132 € |
| T-TeleSec | 23,57 € | 42,95 € | 109,47 € |

Table 3: Price strategy of the four major German trust centres [LR05]

 

Clearly the costs and benefits are not evenly distributed. While public administrations are the major gainers, they only marginally contribute to the costs of the infrastructure. On the other hand, private customers have to carry the majority of the costs while gaining almost no benefits. Therefore, the relative advantage will probably be perceived as very low by private customers. The table above shows the price strategy of the four major German trust centres.

All of these trust centres use a fixed price strategy instead of practising price differentiation for different customer groups. The prices can be regarded as rather high if one considers that almost no applications for qualified electronic signatures exist. This leads to a further reduction of the perceived relative advantage.

 

Compatibility

Most signature providers use a PIN to authenticate the signatory. The usage of PINs has a high degree of compatibility, since PINs are commonly used to authorise financial transactions, for example in online banking or at ATMs. However, some individuals may not perceive a contract signed by means of a qualified electronic signature as a legally binding transaction, even though it is one. Therefore, the potential adopter should be informed about the legal consequences of using qualified electronic signatures.

 

Complexity

If we expect the average user to be able to understand the principles of public key cryptography, we are asking too much [WHI99]. This, however, might not be necessary. With qualified electronic signatures the perceived security is rather high, and a complete understanding of the underlying principles is not required. For example, the use of ATMs is quite common, despite the fact that most users do not understand the underlying processes and security measures. Of course it is of utmost importance that the signature application is easy to use and to comprehend, and that it does not allow the user to give away his private key. On the other hand, the usage of a chip card reader will likely be new to most potential adopters, and its installation and maintenance could lead to problems.

 

Trialability

With the way qualified electronic signatures are offered today, no trialability is possible. Customers are charged an initial fee upfront and have to pay for certification services before they can create qualified electronic signatures. Therefore, potential adopters have to invest a considerable amount before being able to test the potential benefits of the innovation. It is possible to test electronic signatures in general by using free software like Pretty Good Privacy (PGP). But in this case, different software with a different look and feel, as well as a different certification structure, would be tested rather than the one ultimately adopted.

 

Observability

By being able to verify their own signature, adopters can check the validity of their own signature and demonstrate it to other individuals. However, individuals who have not obtained a qualified electronic signature themselves are not able to verify the signature, which limits observability. Furthermore, since this is a preventive innovation, the unwanted event that is prevented by definition does not occur, and thus cannot be observed or counted.

 

Qualified Electronic Signatures in the Innovation-Decision Process

So far, based on the market penetration rate of qualified electronic signatures to date [DK03], we assume that only a fraction of the innovators have adopted the innovation. Furthermore, it is informally believed that most potential adopters have not even reached the knowledge stage, meaning they are not even aware that this technology exists. For many new ideas, an innovation might create a need for it. This especially occurs for electronic consumer products such as DVDs or mobile phones [ROG03]. So possibly the awareness of qualified electronic signatures could create a need to adopt. However, so far the lack of an awareness policy and missing marketing efforts, such as those undertaken for other preventive innovations like HIV prevention and seat belt usage, have hurt the diffusion process. Even worse, political signals such as allowing non-qualified electronic signatures for e-government applications, for example the sphinx project in Germany, are counterproductive, especially in the persuasion phase [ROG03b]. Even if potential adopters develop a favourable attitude towards qualified electronic signatures and decide to adopt, it is actually pretty hard to obtain them, because the personnel at the registration authorities are often badly informed and not even aware that they offer these products. Also, there has been no effort so far to specifically target early adopters, who are the most influential party in the diffusion process. And even for individuals who actually have adopted, the lack of applications for qualified electronic signatures and the resulting negative feedback could eventually lead to discontinuance of the innovation.

 

Analysis of Current Efforts to Diffuse Qualified Electronic Signatures

To increase the diffusion of qualified electronic signatures, several initiatives in Europe have been launched in the last couple of years. Some examples are described in [FS04] [CW04] [HVA04]. Common to these initiatives is that they focus on achieving a high penetration rate of signature cards within the entire population. As has been seen with other preventive innovations, mere presence and availability does not necessarily lead to adoption of the innovation. One example is the German "Geldkarte". This smart card enables small electronic payments and is included on most German EC-cards. Despite 60 million cards being distributed in Germany, only 38 million transactions were made in 2005 (0,63 transactions per user per year). Therefore, a high penetration rate of signature cards does not necessarily lead to the adoption of qualified electronic signatures, especially if costs and benefits are not fairly distributed and prices remain as high as they are. In addition, the network for qualified electronic signatures does not grow with the distribution of signature cards but with the adoption of the signature. So by simply distributing signature cards, critical mass will not automatically be obtained. One example is the Danish signature initiative OCES. This project was started by the Danish government in March 2003. It enables every citizen to obtain a free certificate. So far only 145.000 Danish citizens (less than 3% of the population) have obtained such a certificate [HVA04]. Therefore, it might be better to specifically target early adopters instead of trying to reach everyone. Also, none of these initiatives has been able to provide any sort of trialability of qualified electronic signatures. On the other hand, electronic signatures could be quite successful when applied locally, when applications exist and when the costs are covered, e.g. by an organisation.

 

Recommendations to structure the signature market

Based on the analysis above, we will now present some recommendations on how to structure the future market of qualified electronic signatures:

 

Shift costs and benefits in order to achieve a fair distribution: In order to increase the relative advantage of qualified electronic signatures, as perceived by potential adopters, it is necessary to have a fair distribution of costs and benefits. Price differentiation could be used specifically to target different customer groups. Also, a new price model, as proposed in [LR05], is necessary such that the signatory collects fees for signature verification, reducing their annual costs. Furthermore the acceptance of qualified electronic signatures could be increased by providing monetary benefits for its users. For example, fees for public administration processes could be omitted for users that choose to conduct these transactions online using a qualified electronic signature.

 

Try to reach a critical mass: It might be helpful to try to gain a critical mass of adopters by using "dumping" prices in the early phases of the diffusion process. Later on, these early losses can be compensated by profiting from the ensuing lock-in effects [SV98]. An example of such a business model is the distribution of video game consoles. Vendors of video consoles sell their product at prices below their production costs in order to increase the size of their networks and to create lock-in effects. Later on, they profit from selling games to their customer base [SV98]. The same thing could be applied to qualified electronic signatures and the complementary product of signature verification.

 

Increase the knowledge: A large marketing campaign is essential to increase the awareness of the technology. This campaign could be financed by either the trust centres or public administration. As stated earlier the awareness of the new technology could trigger a need for it. Also, the gained benefits for public administration could finance the efforts to host such a campaign.

 

Specifically target early adopters: Early adopters are the most influential group of potential adopters. Therefore it is of utmost importance to place the product within this group in order to reach a critical mass.

 

Reduce complexity: In order to reduce complexity, mobile qualified electronic signatures might be very helpful. Also, for conventional signatures, every effort to make the signature application as easy to use as possible, such as including chip card readers in PCs, should be undertaken.

 

Increase trialability: By issuing, for example, free 14-day certificates, certification service providers could enable potential customers to experience the product on a limited basis.

 

 

Denis Royer 13 / 40