(document status: work in progress)
There was a lot of hype in the 1990ies about digital signatures as a replacement for paper contracts and specifically, replacing wet signatures. Many countries implemented e-signature legislation to regulate the related liability issues hoping to push e-commerce and e-government adoption.
After 15 years it is fair to state that the expectations associated with the hype were consistently disappointed and the future of this application looks grim. National eID-programs failed to exceed a threshold of 1% active users (E.g. Austria, Japan, Finland). See below for a more detailed look on Estonia.
Jane Witt wrote in 2001 "There is mounting evidence that trying to use asymmetric cryptography as a signature on a contract is like trying to fit a square peg into a round hole, and the effort to get that square peg into that round hole has created a phenomenal sink hole into which countless individuals and organizations have poured vast resources with few tangible payoffs in sight."[1] Her far-sighted analysis is still valid ten years later.
Trying the reverse engineer the (perceived) business model following points can be observed:
- Relying Parties (those parties trusting in a document with a digital signature) are provided with an electronic signature that is in general the equivalent of a wet signature, excluding a few transactions, e.g. those that need a notary anyway.
- There no or only very limited approaches to multilevel security. Some eID-projects assume a single level (like the Austrian citizen card) or the signature law provides a limited selection, like advanced and electronic signature.
- To establish trust in the certificate authority there is a requirement for "sufficient financial provisions". E.g. in Austria 700,000