Slashdot Mirror

← Back to Stories (view on slashdot.org)

German Government Introduces Digital Signatures

Posted by timothy on from the weakest-link dept.

bertvl writes: "From this article on CNN: Germany's federal government is introducing electronic signatures for its employees, a step it hopes will help make the security procedure generally accepted in the country. More than 200,000 employees of ministries and agencies will be able to sign electronic documents using a chip card with an encrypted key, giving them the same legal weight as paper documents with a handwritten signature, the federal Cabinet said in a statement Thursday."

8 of 210 comments (clear)

  1. We already have it in Belgium by arnwald · · Score: 4, Interesting

    Just last week I set up my life insurance,
    and they used the chip in my bank card as a digital signature (together with the code).

    The nice lady all explained me on how the Belgian State now accepts these digital signatures and how great that was.

    Mind you, that I reside in a farmer community, I wonder how the farmers react ?

    Greetings.

    --
    My other sig is Funny.
  2. That's final proof.. by Rob+Kaper · · Score: 5, Interesting

    The German government just get it. First they send 52-page colour booklets promoting open source to all businesses in the country, then they give a large sum of money to add more security and encryption in mutt and KMail, and now this!

  3. Germany by Supa+Mentat · · Score: 5, Interesting

    You know Germany seems to be one of the technological world leaders. They just decided to phase out all nuclear power in favor of wind power by the year's end and it looks like they'll do it. The acceptance of digital signitures is a huge step in helping the internet reach its full potential for changing the way we live our lives. Germany is taking this first step. What I want to know is: who are the politicians making all of these progressive decisions and what affect are they having in the EU Parliament? Are other European countries following Germany's lead in these type of issues? I know that German business law strongly favors big business, are there any other laws or policy that a liberal would take issue with in Germany? What is the state of Linux use in Germany? I ask all this because I'm looking at an offer for a research position at the Max Planck Institute in Munich (I'm sorry _Munchen_:).

    --
    "A witty saying proves nothing." - Voltaire
  4. Legal Weight by Mike+Connell · · Score: 5, Interesting

    Surely the 'legal weight' will be determined by the courts: It's only a matter of time before somebody signs something (or appears to), and then denies any involvment. Excuses (true or not) of "My card was stolen", "They made me tell them the key", "I don't know what you're talking about" will presumably be uttered (in german). Cryptogram has covered the problem that "the key isnt the person" in the past.

    If the first 10 cases all end up with courts deicing that there isn't enough evidence that the person did actually "sign" the document, there surely won't be much legal weight? A paper signature means little if there is sufficient doubt about it's authenticity, I dont see how that's going to change here.

    As an aside, I like the last line of the CNN piece:

    Bitkom called instead for a "citizens' card," with chip and electronic signature, for all Germans.

    Yeah Baby! I can't see anything bad happening down that road!

    --
    Tales from behind the Lagom Curtain
    1. Re:Legal Weight by Alsee · · Score: 4, Interesting

      So, you say a hand signature ... is more secure than a card that has to be stolen plus a PIN

      It depends what you mean by secure. If you type your name here I can forge your signature without ever having seen it. I can't do that with your digital signature. But anyone knowledgeable can look at the signature and see it's forged. You can prove you didn't sign it, and they have a lead in trying to catch me. If I have a copy of your signature and am an expert forger things get more difficult, but expert analyisis may prove you didn't sign it.

      If I catch your PIN on camera and swipe your card I can make a perfect signature. You have no way to even try to prove you didn't sign it.

      And the topic of the thread was how much legal weight a digital signature would have, compared to paper signature. In my oppinion a paper signature would have to carry more weight in court.

      Don't get me wrong, I'm definitly pro-technology. This thing is pretty cool.

      -

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  5. So what's the difference with a phisical ID... by lay · · Score: 4, Interesting

    ...after all?

    I know you americans don't have ID cards, but we have them in Portugal and allways had, so we don't tend to consider them as forms of major control, even though they are.

    The point here is that if you loose your wallet and someone gets ahold of your ID card, you can be in a lot of trouble if it gets misused.

    I have heard of stories from people I know that lost their ID and found themselves being chased by stores that claimed people had bought stuff there, paid the first entrance fee and never paid the rest. And that is the least that you can expect, even if you report your ID being missed 5 minutes after you loose it.

    We, at least, don't have that many legal mechanisms to prevent situations like those, but I would bet it's a matter of time until there is a case of stolen digital ID.

    The German government, by giving incentive to open source applications like encription and security are aware of these problems. So if they actualy exist? They existed well before things went digital, so you can expect a few cases of stolen ID before things get smooth.

    Nice move here in Europe, btw. First GEANT, now this, really love the way things are popping up after a lot of foundation work.

    Lay

    Weakly typed languages will bring us armageddon

    --
    Lay
    Weakly typed languages will bring us armageddon
  6. Why Digital Signatures Are Not Signatures by fhwang · · Score: 5, Interesting
    Damn, I could've sworn it was just yesterday that I posted this article to another discussion here on /.

    Everyone who's praising the German government on being all tech-savvy and forward-thinking and blah-blah-blah should first read Bruce Schneier's thoughts on the subject: Why Digital Signatures Are Not Signatures.

    In a nutshell, he says this: Cryptography can do quite a bit to guarantee that a given signature came from a given computer. It can do absolutely nothing to guarantee that that signature represents the person it purports to represent. To quote Schneier: "The mathematics of cryptography, no matter how strong, cannot bridge the gap between me and my computer."

    It's all good and well for governments to embrace new technology, but only if they don't cause major fuckups in the process.

    --

    Do domain names matter?

  7. Be equally critical of new and old by Mawbid · · Score: 4, Interesting
    When evaluating new systems, people tend to be critical, and rightly so; implementing the system is costly, and a lot could go wrong.

    But I feel that often the risks and costs of the old system are not given as much weight.

    Let's take an example. Some years back, an argument raged in my community about a proposed tunnel under a fjord. The tunnel would allow people to get to the other side in 6 minutes instead of following the outline of the fjord for 45 minutes on a narrow, winding, often steep road.

    The risks of the the new system, the tunnel, got a lot of press. We were treated to many horrifying predictions, each fit for a disaster movie. The proponents of the tunnel pointed out that while the road does not make a good disaster movie, people regularly die in car crashes on it.

    My observasion is that this argument got considerably less recognition than it should have if people had viewed the issue rationally.

    In light of this, can we perhaps enrich the discussion on this particular new system (digital signatures) by identifying the risks and costs of the old system (handwritten signatures on paper).

    I can see a few.

    1) Signatures can be forged. It takes talent, skill and effort to do it well, but only rarely do you need to do it well, because the signature is rarely verified by anyone who actually knows how to do it. (It's not always verified at all. I saw a bogus check hanging in a store once, signed Donald Duck or something like that. The clerk had actually accepted this check as payment.)

    2) The piece of paper needs to be in the same place as the signer. This can't always be arranged easily and sometimes people accept the dangerous alternative of doing business with no signature at all (or a weaker version of the digital signature, the pin code).

    3) Handwriting recognition can't be automated (or has the software gotten good enough?), with the same results as in point 2 (think ATMs).

    I'm thinking of things like online shopping and tax returns at the same time here, but to get a clear picture the applications of signatures should probably be categorized. Also note that I haven't decided in favour of digital signatures. I just want to promote this idea of mine that we should give equal weight to the risks and costs of the system already in place as to the risks and costs of the system being proposed.

    --
    Fuck the system? Nah, you might catch something.