The European Union took an active stance on issues relating to the information society by 1996. In September 1996, the European Parliament passed a resolution asking the Commission to prepare proposals covering security and confidentiality, authentication and to safeguard privacy, and in November 1996 the Council of Ministers requested the member states and the Commission to prepare consistent measures to ensure the integrity and authentication of electronically transmitted documents. Further initiatives continued, with the OECD adopting ‘Guidelines for cryptography policy’ on 27 March 1997, which set out general principles to guide countries in formulating policies related to the use of cryptography. A European Ministerial Conference took place in Bonn in July 1997, entitled ‘Global Information Networks: Realising the Potential’, which led to the Bonn Ministerial Declaration, the objective of which was ‘to broaden the common understanding of the use of Global Information Networks, to identify barriers to their use, to discuss possible solutions and to undertake an open dialogue on further possibilities for European and international co-operation’. The Declaration covered the topic of electronic signatures, specifically digital signatures:
38. Ministers emphasise the need for a legal and technical framework at European and international level which ensures compatibility and creates confidence in digital signatures, a reliable and transparent way of ensuring data, document and message integrity and authentication both for electronic commerce and for electronic transactions between public bodies and citizens.
39. Ministers call upon industry and international standards organisations to develop technical and infrastructure standards for digital signatures to ensure secure and trustworthy use of networks and respect privacy and data protection requirements.
40. Ministers will initiate the necessary steps to remove barriers to the use of digital signatures in law, business and public administration, and to provide legal and mutual recognition of certificates.
The Commission subsequently produced a communication in response to the resolution from the Parliament, ‘Ensuring security and trust in electronic communications towards a European framework for digital signatures and encryption’. This document made it explicit that the only method of electronic signatures that was under consideration was that of the digital signature. In arguing the case, assertions were made in the Executive Summary without reference to any evidence, or the accuracy of the premise upon which the assertion was made, such as: ‘As cryptographic services and products are more and more demanded’, and ‘As, in addition, they need a specific regulatory framework to take into account their legal implications’. One comment made was factually incorrect: ‘Digital signatures could even bring significant law enforcement benefits as they allow for example messages to be attributed to a particular reader and/or sender’, because no form of electronic signature, including the digital signature, is capable of proving the person whose private key was used was the person who caused the digital signature to be affixed to a document or communication. On the subject of digital signatures, it was asserted that the failure for digital signatures to be offered as a service was predicated on ‘the absence of legal recognition of digital signatures’. There was a fear among some that the European Union needed to regulate electronic signatures, especially as some nation states had already begun to pass laws on the topic. As can be expected, there was discussion about the technical requirements of digital signatures, including liability for certification service providers and interoperability.