45
view that a “secure electronic signature” would meet the following
criteria:
• The signature is under the control of the person or entity using it
and no other person or entity uses the signature;
• It is possible to independently verify the association of the
person or entity with the signature; and
• The signature is linked to data in such a manner that if any part
of the data is changed, the signature is altered.42
6.3.15 Digital signatures created under a PKI regime, and possibly under other
technologies as well, can present issues regarding to the protection of
personal privacy. Data trails may be created and data matching may be
facilitated. Implementation policies and government policies dealing
with the recognition of certificate authorities should consider the need to
balance personal and commercial privacy against other interests (some
of which will be dealt with under “lawful access”, below).
6.3.16 In some jurisdictions, distinctions are made between the approach used
for digital signatures used by government or for government transactions
and those used by the private sector for its own purposes. For example,
in Australia, accreditation is mandatory for PKI-based certificates used
by and with government agencies, but not for the private sector.
6.3.15 The EU recommended that governments play a more facilitative than
regulatory role with respect to certificate authorities. It may not be
necessary for Botswana to expend resources on developing a full-blown
regulatory structure to deal with authorisation, but rather may find that
consumers and business are sufficiently protected by a combination of
recognising certificate authorities in other jurisdictions and establishing
criteria against which levels of security and the appropriateness of a
particular technology or authority can be judged.
6.4
42
Recommendations:
- The Ministry of Communications, Science and Technology, in
consultation with the Ministry of Trade and Industry and the
Attorney General’s Chambers and other stakeholders such as
business and consumer groups, and the Law Society, should examine
the implications of adopting different approaches to the recognition
of digital signatures, which include:
o Legislative or other requirements regarding the level of security
required for certain types of key documents;
Canada, Department of Justice, Consultation Paper on Facilitating Electronic Commerce:
Statutes, Signatures and Evidence; canada.justice.gc.ca/en/cons/facilt7.html