Translation and Commentary by Christopher Kuner
Translation copyright 1996 Christopher Kuner. Reproduction is permitted, provided that this translator's note, including the above copyright notice, is retained in its entirety.
Commentary: This translation is of the final draft of the digital signature law which was approved by the federal cabinet and submitted to the lower house of the federal parliament ("Bundesrat") by Chancellor Helmut Kohl on December 20, 1996. Together with the final draft of the "Multimedia Law" (of which the digital signature law constitutes Article 3), the draft law will be debated in parliament during 1997, with the government's aim being to have it enacted as law by August 1, 1997. This "Final Draft" contains several changes to the previous draft (the "Working Draft" of November 4, 1996), which are marked in boldface. Most such changes are minor in nature, and relate mainly to terminology. Thus, "signature key certificate" has been changed to simply "certificate", and the term "attribute certificate" has been introduced (§ 2(3)). The requirements for recognition of foreign certificates have also been tightened (§ 15(1)).
Objective and Area of Application
(1) The purpose of this law is to create general conditions for digital signatures under which they may be deemed secure and forgeries of digital signatures or falsifications of signed data may be reliably ascertained.
(2) The application of other procedures for digital signatures is permitted insofar as digital signatures are not legally required under this law.
(1) A digital signature within the meaning of this law is a seal on digital data created with a private signature key, which seal allows, by use of the associated public key marked with a signature key certificate of a certifier or of the Authority under § 3, the owner of the signature key and the unforged character of the data to be ascertained.
(2) A certifier within the meaning of this law is a natural or legal person which attests to the attribution of public signature keys to natural persons and holds a license therefor under § 4.
(3) A certificate within the meaning of this law is a digital attestation marked with a digital signature concerning the attribution of a public signature key to a natural person (signature key certificate), or a special digital attestation which refers unmistakably to a signature key certificate and contains further information (attribute certificate).
(4) A time stamp within the meaning of this law is a digital attestation of a certifier marked with a digital signature that certain digital data was presented to it at a certain time.
The granting of licenses and the issuance of signature key certificates for certifiers, as well as supervision of compliance with this law and with the Legal Ordinance under § 16, rest with the Authority under § 66 of the Telecommunications Act.
Granting of Licenses for Certifiers
(1) The operation of a certifier requires a license of the Authority, which is to be granted upon application.
(2) The license shall be denied if there are factual grounds for the assumption that the applicant does not possess the reliability necessary for the operation of a certifier, if the applicant does not demonstrate that it possesses the necessary expert knowledge for the operation of a certifier, or if it can be expected that the further requirements for the operation of a certifier under this law and the Legal Ordinance under § 16 will not be present upon commencing operations.
(3) An applicant possesses the necessary reliability if it can guarantee that it will comply as license holder with the relevant legal requirements for the operation of a certifier. The necessary expert knowledge is present if those persons working for the certifier possess the necessary knowledge, experience, and qualifications. The further requirements for the operation of the certifier are present if the measures for fulfilling the security requirements of this law and the Legal Ordinance under § 16 are promptly notified to the Authority in a security plan, the implementation of which has been examined and verified by an instance recognized by the Authority.
(4) The license may contain subsidiary provisions insofar as necessary to ensure that the certifier fulfills the requirements of this law and the Legal Ordinance under § 16 upon commencing and during operations.
(5) The Authority issues the certificates for signature keys that are used to sign certificates. The provisions for the issuance of certificates by certifiers apply correspondingly for the Authority, which shall maintain access to the certificates which it has issued at all times and for everyone over publicly-accessible telecommunications connections. This also applies to information concerning the addresses and telephone numbers of certifiers, the blocking of signature key certificates which it has issued, the termination of and the prohibition against performing licensed activities, as well as the revocation of licenses.
(6) Costs (fees and expenses) shall be imposed for public services under this law and the Legal Ordinance under § 16.
Issuance of Certificates
(1) The certifier shall reliably identify persons who apply for a certificate. It shall confirm the attribution of a public signature key to an identified person by a signature key certificate and shall maintain access to such, as well as to attribute certificates, at all times and for everyone over publicly-accessible telecommunications connections in a verifiable manner and with the agreement of the signature key owner.
(2) Upon request of an applicant, the certifier shall record information concerning the applicant's power of representation for a third party or its professional or other licensing in the signature key certificate or in an attribute certificate, insofar as consent of the third party that such licensing or power of representation be recorded in a certificate is reliably demonstrated.
(3) Upon request of an applicant, the certifier shall record a pseudonym in the certificate in place of the applicant's name.
(4) The certifier shall take measures so that data for certificates cannot be forged or falsified in a way which is not visible. It shall furthermore take steps so that the confidentiality of a private signature key is guaranteed. Private signature keys may not be stored by a certifier.
(5) It shall use reliable personnel for the exercise of certification activities, and shall use technical components in accordance with § 14 for making signature keys accessible and creating certificates. This also applies to technical components which make possible the verification of certificates under para. 1, sentence 2.
Duty of Instruction
The certifier shall instruct the applicant under § 5 para. 1 concerning the measures necessary to contribute to secure digital signatures and their reliable verification. It shall instruct the applicant concerning which technical components fulfill the requirements of § 14, paras. 1 and 2, as well as concerning the attribution of digital signatures created with a private signature key. It shall point out to the applicant that data with digital signatures may need to be re-signed before the security value of an available signature decreases with time.
Contents of Certificates
(1) A signature key certificate shall contain at least the following:
1. The name of the signature key owner, which much be marked with an additional notation if there is the possibility of confusion, or an unmistakable pseudonym attributable to the signature key owner which shall be identified as such;
2. the attributed public signature key;
3. the name of the algorithms with which the public key of the signature key owner as well as the public key of the certifier can be used;
4. the number of the certificate;
5. the beginning and end of the certificate's validity;
6. the name of the certifier; and
7. information as to whether use of the signature key is limited to specific types and scopes of applications.
(2) Information concerning the power of representation for a third party or concerning professional or other licensing may be recorded in the signature key certificate or in an attribute certificate.
Blocking of Certificates
(1) A certifier shall block a certificate upon request of a signature key owner or his representative, if the certificate was issued based on false information under § 7, if the certifier has ended its activities and they are not continued by another certifier, or if the Authority orders blocking under § 13, para. 5, sentence 2. The blocking shall indicate the time from which it applies. Retroactive blocking is not permitted.
(2) If a certificate contains information about a third party, such party as well may demand blocking of the certificate.
(3) The Authority shall block certificates issued by it under § 4, para. 5 if a certifier terminates its activities or its license is revoked.
A certifier shall mark digital data upon request with a time stamp. Section 5, para. 5, sentences 1 and 2 apply accordingly.
A certifier shall document the security measures taken to comply with this law and the Legal Ordinance under § 16 as well as the issued certificates in such a way that the data and its unfalsified condition may be verified at any time.
Termination of Activities
(1) Upon termination of its activities, a certifier shall notify this to the Authority as soon as possible and shall ensure that certificates valid at the time of termination are taken over by another certifier or are blocked.
(2) It shall transfer documentation under § 10 to the certifier that takes over its certificates, or otherwise to the Authority.
(3) It shall immediately notify the Authority of any application for the opening of bankruptcy or composition proceedings.
(1) The certifier may collect personal data only directly from the affected person and only insofar as necessary for the purposes of a certificate. Collecting data from a third party is only permissible if the person affected gives his consent. Data may only be used for purposes other than those described in sentence 1 if this law or another legal provision so permits or the person affected has given his consent.
(2) In the case of a signature key owner using a pseudonym, the certifier shall transmit data concerning his identity upon request of the proper authorities, insofar as this is necessary to prosecute crimes or misdemeanors, to protect against dangers for the public safety or public order, or to fulfill the legal duties of the constitutional protection authorities of the federal government and the federal states, the federal security service, the military security service or the criminal customs authorities. Such information shall be documented.
(3) Section 38 of the Federal Data Protection Act shall apply, with the proviso that an examination may also be made even if there are no grounds for a violation of data protection provisions.
Control and Implementation of Responsibilities
(1) The Authority may take steps with regard to certifiers in order to ensure compliance with this law and the Legal Ordinance. It may also and in particular forbid the use of inappropriate technical components and forbid the exercise of licensed activities temporarily in whole or in part. Persons who give the false impression of having a license under § 4 may be forbidden to perform certification.
(2) Certifiers shall allow the Authority to enter their business and operational premises during normal business hours for the purpose of supervision under para. 1, sentence 1, and upon request shall present any relevant books, records, receipts, writings, and other records for inspection, and shall provide information and necessary assistance. The person required to provide the information may refuse to provide it with regard to questions, the answering of which would subject him or one of his family members mentioned in § 383 paras. 1 through 3 of the Civil Procedure Code to the danger of criminal prosecution or to a procedure under the Law on Misdemeanors. The person required to provide the information shall be informed of this right.
(3) In case of non-compliance with the duties arising under this law or the Legal Ordinance, or upon the coming into existence of a ground for refusing a license, the Authority shall revoke such license, if measures in accordance with para. 1, sentence 2 seem likely to be unsuccessful.
(4) In case of taking back or revocation of a license or the termination of activities of a certifier, the Authority shall ensure that such activity is taken over by another certifier or that contracts with signature key owners are wound up. This also applies with regard to an application for the opening of bankruptcy or composition proceedings, if the licensed activity is not being continued.
(5) The validity of certificates issued by a certifier shall be unaffected by revocation of a license. The Authority may order blocking of certificates if facts justify the assumption that certificates have been forged or are not sufficiently secure from forgery, or that the technical components used for application of signature keys demonstrate security defects which allow the forgery of digital signatures or the falsification of signed data to go undetected.
(1) During the creation and storage of signature keys and the creation and checking of digital signatures, technical components shall be used which have security features that make forgery of digital signatures and falsification of signed data reliably noticeable and protect against the unauthorized use of private signature keys.
(2) For the representation of data which is to be signed, technical components with security features shall be used which show unmistakably and in advance the creation of a digital signature and allow a determination of the data to which the digital signature refers. For the checking of signed data, technical components shall be used which have security features that allow it to be determined whether the signed data are unchanged, to which data the digital signature refers, and to which signature key owner the digital signature is to be attributed.
(3) With regard to technical components with which signature key certificates are maintained in a verifiable or accessible manner in accordance with § 5, para. 1, sentence 2, measures shall be taken in order to protect the certificate registries from unauthorized alteration and access.
(4) With regard to technical components under paras. 1 through 3, they shall be sufficiently examined under the state of the art and the fulfillment of the requirements shall be verified by an instance recognized by the Authority.
(5) It can be assumed that the requirements under paras. 1 through 3 regarding technical security are fulfilled with regard to technical components which are placed in circulation or legally manufactured in accordance with the rules or requirements of another Member State of the European Union or of another Contracting State of the Treaty on the European Economic Area, and which guarantee the same level of security. In individual cases and when there is a good reason, the Authority may require a demonstration that the requirements under para. 1 have been fulfilled. Insofar as a confirmation of an instance recognized by the Authority is required to be presented to demonstrate technical security requirements within the meaning of paras. 1 through 3, then confirmations by instances licensed in other Member States of the European Union or in other Contracting States of the European Economic Area shall be considered, if the technical requirements, examinations, and examination procedures on which the examination reports of such instances are based are equivalent to the those of instances recognized by the Authority.
(1) Digital signatures which may be checked with a public signature key for which a foreign signature key certificate of another Member State of the European Union or of another Contracting State of the Treaty on the European Economic Area exists are equivalent to digital signatures under this law, insofar as they demonstrate an equivalent level of security.
(2) Para. 1 also applies to other States, insofar as supranational or international agreements concerning the recognition of certificates have been concluded.
The Legal Ordinance
The federal government is empowered to promulgate by Legal Ordinance the provisions necessary to implement §§ 3 through 15, with regard to:
1. Further details of the procedure for granting, transfer, and revocation of a license, as well as the procedure for termination of licensed activities;
2. The circumstances giving rise to fees under § 4, para. 6 and the amount of fees;
3. Further structuring of the duties of certifiers;
4. The validity period of signature key certificates;
5. Further structuring of control over certifiers;
6. Further requirements for the technical components as well as the examination of technical components and confirmation that the requirements have been fulfilled;
7. The time period after which a new digital signature should be used, as well as the procedure therefor.