Introduction

The success of e-commerce depends on having the necessary security protection in place for secure transmission of information to take place. The perceived lack of security on the Internet is often quoted as the primary reason why consumers are reluctant to enter into e-commerce transactions.

What is encryption?

Encryption is the application to data of particular mathematical computations rendering the data meaningless to those without the ability to de?crypt the message. Most modern cryptographic systems involve two keys, a private key and a public key. Every user generates his own secret and public key set and then publishes his public key for use by his communicating party while keeping the other key secret.

There is, however, a tension between the use of cryptography for authentication/integrity and right enforcement purposes, and the Government's security concerns regarding the use of cryptography. This has resulted in the statutory regulation of the use of cryptography.

Delivery systems

Where digital products are delivered on the Internet there is also an issue as to how delivery of those products can be kept secure and how to prevent unauthorised access. The threat of piracy in relation to a range of digital products e.g. computer games, CD's, MP3's, and DVD's is significant due to the ease with which they may be copied. The recent debate about the legal issues of downloading digital MP3 music files demonstrates that there is a serious issue that affects rights holders.

Electronic signatures

The key features of a digital signature are that it needs to be unique, so that only the user can create it.

In the UK, the Electronic Communications Act 2000 ("Act") establishes a statutory voluntary approvals regime, but the UK Government has stated that it does not propose to exercise this at present, and considers it would be more appropriate for a non-statutory voluntary approvals regime for cryptology authorisation service provides ("CASP"), called the "tScheme", to be set up by the Alliance for Electronic Business, to come up with the standards.

The UK has at any rate partly implemented the EU Digital Signatures Directive under the Act, by providing that digital signatures will be legally admissible in court for certain types of contract, although the requirements for a written signature still exists in legislation affecting e.g. property transactions and copyright assignments.