Skip to main content
SpringerLink
Log in

Security Issues Driving the Non-acceptance of Electronic Signatures

  • Chapter
  • First Online:
Electronic Signatures for B2B Contracts

  • 1092 Accesses

Abstract

Merriam-Webster online dictionary defines security as the quality or state of being secure, freedom from danger and freedom from fear or anxiety. In the context of electronic signatures, there is always a danger, fear or anxiety regarding their unauthorised or malicious use. The protection from such unauthorised and malicious usage requires some process, device or mechanism that ensures the confidentiality of electronic signatures. Note that there are three basic ways to secure electronic signatures: through the use of passwords where an electronic signature is stored on the hard disk of a computer, using portable information storage devices (PISDs) and using biometric devices. The underlying theoretical underpinning for these three methods of securing electronic signatures relates to the three ways of authenticating a user: by something he/she knows, by something he/she has and by something he/she is. Security is also achieved through a secure transmission process including the Internet such that a document signed through an electronic signature is not tampered with by a third person and reaches the recipient in the form in which it left the signatory.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
eBook
USD 16.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Merriam-Webster’s Online Dictionary (2011) Merriam-Webster. http://www.merriamwebster.com/dictionary/security at 2 March 2012. Schneier, a well renowned security expert, is of the view that security is about preventing adverse consequences from the intentional and unwarranted actions of others. See Bruce Schneier, Beyond Fear: Thinking Sensibly About Security in an Uncertain World (2003) 11.

  2. 2.

    Steven Furnell, ‘An Assessment of Website Password Practices’ (2007) 26(7) Computers & Security 445, 445.

  3. 3.

    For example, in the context of contract, providing security means rendering certain the performance of the contract. See The Lectric Law Library’s Lexicon (2008) Lectric Law Library. http://www.lectlaw.com/def2/s140.htm at 10 March 2012.

  4. 4.

    See Matt Bishop, Computer Security: Art and Science (2003) 3–6.

  5. 5.

    A Grandori and M Warner, International Encyclopaedia of Business and Management (1996) Vol 5, 4419.

  6. 6.

    Confidentiality is the concealment of information or data through the use of an access control mechanism like password, integrity refers to the trustworthiness of data or resources and availability refers to the ability to use data at any time and the prevention of any outside interference. See Bishop above n 4.

  7. 7.

    See, for example, Adrian McCullagh, Peter Little and William J Caelli, ‘Electronic Signatures: Understand the Past to Develop the Future’ (1998) 21(2) University of New South Wales Law Journal 452; Stephen Mason and Nicholas Bohm, ‘The Signature in Electronic Conveyancing: An Unresolved Issue?’ (2003) 67 The Conveyancer and Property Lawyer 460; Roger Clarke, ‘The Fundamental Inadequacies of Public Key Infrastructure’ (Paper presented at the 9th International Conference on Information Systems, Bled, Slovenia, 27–29 June 2001); John Angel, ‘Why use Digital Signatures for Electronic Commerce?’ (1999) 2 Journal of Information, Law and Technology. http://www2.warwick.ac.uk/fac/soc/law/elj/jilt/1999_2/angel/ at 28 February 2012. Note that views of these eminent scholars and other experts have been discussed in Chap. 3.

  8. 8.

    P13_Co8_SM, Paragraph 54.

  9. 9.

    P8_Co5_Legal, Paragraph 63.

  10. 10.

    P2_Co2_Legal, Paragraph 57.

  11. 11.

    P2_Co2_Legal, Paragraph 57.

  12. 12.

    Seventeen participants considered security to be an issue; Seven claimed that security is not an issue while the remaining three were unable to comment.

  13. 13.

    P8_Co5_Legal, Paragraph 114.

  14. 14.

    For example, P15_Co10_Legal, Paragraph 63.

  15. 15.

    P2_Co2_Legal, Paragraph 88.

  16. 16.

    P20_Co11_IT, Paragraph 24.

  17. 17.

    P24_Co15_Legal, Paragraph 55.

  18. 18.

    P6_Co4_Legal, Paragraph 76. Note that legal issues with regard to electronic signatures are dealt in the following chapter.

  19. 19.

    P13_Co9_SM, Paragraph 145.

  20. 20.

    Especially for non-individual digital signature certificates or organisation digital signature certificates.

  21. 21.

    In the case of digital signature, it is the private key that the subscriber activates to create a digital signature.

  22. 22.

    Data message means ‘… information generated, sent, received or stored by electronic, optical or similar means including … electronic mail, telegram, telex or telecopy …:’ art 2(c) of the UNCITRAL Model Law on Electronic signatures 2001.

  23. 23.

    P25_Co15_IT, Paragraph 51.

  24. 24.

    P13_Co9_SM, Paragraph 87.

  25. 25.

    16 out of 27 participants.

  26. 26.

    For example, P26_Co16_SM, Paragraph 37; P24_Co15_Legal, Paragraph 104. Another participant remarked, ‘I would be quite happy with password protected electronic signatures. I have a whole range of information in my computer that is password protected and I’m happy with that … no one has hacked in yet so it’s reasonably safe’ (P26_Co16_SM, Paragraph 37).

  27. 27.

    P6_Co4_Legal, Paragraph 110.

  28. 28.

    P18_Co11_Legal, Paragraph 141.

  29. 29.

    As remarked by one IT participant, ‘I am very strict on it. … logon passwords are not to be written down … not to be repetitive … like just changing the number at the end. … they are not to be written down anywhere, not to be stored on the computer system. They are meant to be stored in people’s head and rotated every three months’ (P3_Co2_IT, Paragraph 78).

  30. 30.

    P18_Co11_Legal, Paragraph 124.

  31. 31.

    The earliest research into smart cards was carried out by two German inventors, Jürgen Dethloff and Helmut Grötrupp. In 1968, they patented their idea of using plastic cards to carry microchips. See Katherine M Shelfer et al., ‘Smart Cards’ (2004) 60 Advances in Computers 149. However, the concept of smart card that we know today was patented by Roland Mareno in 1974. See R Mareno, Methods of Data Storage and Data Storage Systems, United States Patent 3, 971,916, July 1976, filed as French patent application FR 7410191 on 25 May 1974. See also Dirk Husemann, ‘Standards in the Smart Card World’ (2001) 36(4) Computer Networks 473.

  32. 32.

    USB tokens such as flash disk are similar in shape and size to a house key and can be plugged into USB ports which come attached with most computers and laptops these days.

  33. 33.

    The standardised magnetic stripe card is by far the most commonly used card in payment systems across the world although recently a few financial companies particularly in Europe have started issuing credit cards embedded with the smart card technology. See BT Today, ‘Fingerprint Cards Announces Biometric Payment Card’ (2008) 16(2) Biometric Technology Today 3, 3. Similarly, in Australia, the Commonwealth Bank of Australia issues credit cards to its customers that have both a magnetic stripe as well as a microprocessor chip.

  34. 34.

    Hong Qian Karen Lu, ‘Network Smart Card Review and Analysis (2007) 51(9) Computer Networks 2234, 2234.

  35. 35.

    Johan Borst, Bart Preneel and Rijmen Vincent, ‘Cryptography on Smart Cards’ (2001) 36(4) Computer Networks 423, 423.

  36. 36.

    Note that these authors were referring to the private key of a digital signature. David M’Raïhi and Moti Yung, ‘E-Commerce Applications of Smart Cards’ (2001) 36(4) Computer Networks 453, 457; R Julia-Barceló and T Vinje, ‘Towards a European Framework for Digital Signatures and Encryption’ (1998) 14(2) Computer Law & Security Report 79, 82; Stephen G Myers, ‘Potential Liability Under the Illinois Electronic Commerce Security Act: Is it a Risk Worth Taking?’ (1999) 17(3) The John Marshall Journal of Computer & Information Law 909. Scholars’ views on this matter have been discussed in Chap. 3.

  37. 37.

    Myers, above n 36, 941.

  38. 38.

    As mentioned above in n 24, a SM participant pointed out that IT people generally have access to staff’s computers, and thus, anything stored on hard disks can be considered unsafe. In those circumstances, storing electronic signatures on PISDs is likely to provide more security.

  39. 39.

    11 out of 27 participants.

  40. 40.

    As one participant remarked, ‘Well I mean physically this is safer as a person keeps his mobile key or disk with him’ (P8_Co5_Legal, Paragraph 71).

  41. 41.

    P7_Co4_IT, Paragraph 37.

  42. 42.

    P7_Co4_IT, Paragraph 37.

  43. 43.

    ‘I would say either the USB key or a smart card would be better than having it on a hard disk but I would also suggest that the device itself needs a protection of its own, sign on or some sort’ (P7_Co4_IT, Paragraph 85).

  44. 44.

    ‘I think smart card will be the next logical step for businesses’ (P25_Co15_IT, Paragraph 59).

  45. 45.

    16 out of 27 participants.

  46. 46.

    ‘If you lose a smart card, who is to decide that someone else can’t read that smart card or use that smart card?’(P2_Co2_Legal, Paragraph 64).

  47. 47.

    P18_Co11_Legal, Paragraph 147.

  48. 48.

    P4_Co3_Legal, Paragraph 105.

  49. 49.

    P9_Co5_IT, Paragraphs 106.

  50. 50.

    P5_Co3_IT, Paragraph 90.

  51. 51.

    P23_Co14_SM, Paragraph 78.

  52. 52.

    As one participant remarked, ‘Perhaps you can combine with a password that might be like a PIN card’ (P18_Co11_Legal, Paragraph 151).

  53. 53.

    A SM participant noted, ‘I think that the USB technology is fairly new and is not much known in our organisation’ (P13_Co9_SM, Paragraph 101). A few legal participants were also unaware of the PISD technology.

  54. 54.

    They were as yet talking about it as an option that must be explored.

  55. 55.

    As mentioned in above n 33, the smart card is different from a credit card. Most credit cards make use of a magnetic stripe for storing data, whereas a smart card has a microprocessor affixed to the card that uses cryptographic authentication protocol for processing data. For technical details on the cryptography and protocols used in smart cards, see L C Guillou, M Ugon and J-J Quisquater, ‘Cryptographic Authentication Protocols for Smart Cards’ (2001) 36(4) Computer Networks 437. See also Borst, Preneel and Rijmen, above n 35.

  56. 56.

    P26_Co16_SM, Paragraph 41.

  57. 57.

    P26_Co16_SM, Paragraph 41.

  58. 58.

    As mentioned in Chap. 2, these biometrics can also be considered as a form of electronic signature.

  59. 59.

    Stephen G Myers, ‘Potential Liability under the Illinois Electronic Commerce Security Act: Is it a Risk Worth Taking?’ (1999) 17(3) The John Marshall Journal of Computer & Information Law 909, 941; R Julia-Barceló and T Vinje, ‘Towards a European Framework for Digital Signatures and Encryption’ (1998) 14(2) Computer Law & Security Report 79, 82; Kamini Bharvada, ‘Electronic Signatures, Biometrics and PKI in the UK’ (2002) 16(3) International Review of Law, Computers & Technology 265, 269.

  60. 60.

    Bharvada, above n 35, 269.

  61. 61.

    Other forms of secure biometrics are retina recognition and vein patterns.

  62. 62.

    Harold F Tipton and Micki Krause, Information Security Management Handbook (5th ed, 2004) 14.

  63. 63.

    Ibid.

  64. 64.

    20 out of 27 participants.

  65. 65.

    4 out of 27 participants.

  66. 66.

    For example, a couple of participants remarked: ‘[My] technical knowledge is lacking’ (P6_Co4_Legal, Paragraph, 138); ‘I don’t know how effective it is’ (P24_Co15_Legal, Paragraph, 119).

  67. 67.

    For example, P18_Co11_Legal, Paragraph 155; P2_Co2_Legal, Paragraph 64.

  68. 68.

    P4_Co3_Legal, Paragraph 113.

  69. 69.

    For example, a few remarks made were ‘That’s a clever thought having some sort of biometric that authenticates the person. If it was to that level, ya, that would be very acceptable definitely’ (P9_Co5_IT, Paragraph 110); ‘Oh better than just a password … it’s another form of security’ (P3_Co2_IT, Paragraph 85); ‘I think that’s a lot safer than smart cards’ (P3_Co2_IT, Paragraph 86).

  70. 70.

    P7_Co4_IT, Paragraph 97.

  71. 71.

    An IT participant pointed out that his organisation was issuing new laptops that were equipped with biometric scanners to its staff. According to another participant, his company was using a thumb print device on USBs for staff to access the organisation’s network with a view to providing a double layer of security and confidentiality.

  72. 72.

    P23_Co14_SM, Paragraph 83.

  73. 73.

    P5_Co3_IT, Paragraph 98.

  74. 74.

    P7_Co4_IT, Paragraph 59.

  75. 75.

    For example, P5_Co3_IT, Paragraph 98; P7_Co4_IT, Paragraph 59.

  76. 76.

    P25_Co15_IT, Paragraph 59.

  77. 77.

    See ‘Hi-tech Giant Microsoft has Acknowledged that a Security Flaw in its Popular Internet Passport Service left 200 Million Consumer Accounts Vulnerable to Hackers and Thieves’: Editorial, ‘Online Flaw a Visa to Thieves’, World, Herald Sun (Melbourne), 10 May 2003, 19.

  78. 78.

    Clarke, above n 7.

  79. 79.

    Clarke, above n 7.

  80. 80.

    Steve Burnett, and Stephen Paine, RSA Security’s Official Guide to Cryptography (2001) 7.

  81. 81.

    Drugs and Crime Prevention Committee, Parliament of Victoria, Inquiry into Fraud and Electronic Commerce (2004) 75. http://www.parliament.vic.gov.au/dcpc/Reports/DCPC_FraudElectronicCommerce_05-01-2004.pdf at 21 March 2012.

  82. 82.

    Paul Markillie, ‘A Survey of E-Commerce: Unlimited Opportunities?’, The Economist, 15 May 2004, 14.

  83. 83.

    20 out of 27 participants.

  84. 84.

    The reason why these IT participants felt secure with regard to transactions over the Internet was because they were doing their personal banking online and were satisfied with the Internet from a security perspective. ‘I do my own banking on the Internet and as far as security is there and is encrypted correctly there is no problem. The only problem with the Internet is that things are delayed due to its nature, but security I don’t think is an issue’ (P5_Co3_IT, Paragraph 102). Another IT participant stated that security of any document traversing through the Internet ‘depends upon the encryption level, how hard it is to crack’ (P3_Co2_IT, Paragraph 103). He believed that security was not an issue where encryption technology is used to the highest level. Note that as discussed in Chap. 2, the encryption technologies underlying digital signatures can ensure confidentiality of information. See also Margaret Jackson, ‘Internet Privacy’ (2003) 53(2) Telecommunications Journal of Australia 21, 29.

  85. 85.

    P3_Co2_IT, Paragraph 103.

  86. 86.

    P8_Co5_Legal, Paragraph 26.

  87. 87.

    P2_Co2_Legal, Paragraph 44.

  88. 88.

    P12_Co7_SM, Paragraph 39.

  89. 89.

    ‘Personally, I use banking facilities over the Internet and things like that. I don’t have any concerns with it’. (P13_Co9_SM, Paragraph 83).

  90. 90.

    P26_Co16_SM, Paragraph 57.

  91. 91.

    Bruce Schneier, ‘Art and Science: Bruce Schneier Shares Security Ideas at Museum’, Network World, 28 March 2008. http://www.networkworld.com/news/2008/032808-schneier.html?page=1 at 20 March 2012.

  92. 92.

    Ibid.

  93. 93.

    An IT participant showed his concern when he said that without strong passwords ‘it is always risky for your PC to be sitting there all day. Anybody can walk up to it and do whatever he or she likes’ (P25_Co15_IT, Paragraph 51).

  94. 94.

    See Ernst & Young, Global Information Security Survey 2006-Achieving Success in a Globalized World: Is Your Way Secure? (2006). http://www.naider.com/upload/ernst%20young.pdf at 21 March 2012; Steven Furnell, ‘Authenticating Ourselves: Will We Ever Escape the Password?’ (2005) 3 Network Security 8, 9; John Leyden, Office Workers Give Away Password for a Cheap Pen (2003) The Register. http://www.theregister.co.uk/2003/04/18/office_workers_give_away_passwords/ at 21 March 2012.

  95. 95.

    ‘Lazy workers beware! Study reveals the most popular computer password (and, yes, it’s ‘Password1’)’, Daily Mail, 6 March 2012. http://www.dailymail.co.uk/news/article-2110924/Lazy-workers-beware-Study-reveals-popular-password-yes-Password1.html at 20 March 2012.

  96. 96.

    International Chamber of Commerce, Being Coy about your Age makes Good E-Security Sense (2000). http://www.iccwbo.org/search/query.asp at 25 April 2011. In another study, 80 % of the people surveyed had passwords related to golf. See Wayne C Summers and Edward Bosworth, ‘Password Policy: The Good, the Bad, and the Ugly (Paper presented at the Winter International Symposium on Information and Communication Technologies (WISICT’04), Cancum, Mexico, 5–8 January 2004).

  97. 97.

    For more details on social engineering and password security, see Michael E Whitman, Herbert J Mattord, Management of Information Security (2004).

  98. 98.

    Joseph A Cazier and B Dawn Medlin (2006) ‘Password Security: An Empirical Investigation into E-Commerce Passwords and their Crack Times’ (2006) 15(6) Information Systems Security 45, 47. Social engineering involves social skills to convince an individual to disclose either directly personal details such as a password or those details that will help identify the individual’s password. For example, in a European trade show, using social engineering skills, its organisers asked unsuspecting office workers travelling through the London tube for their office computer passwords. More than 70 % of the respondents disclosed such details without hesitation. See Kerry Murphy, ‘Psst: a candy Bar for Your Password?,’ IT Business, The Australian (Melbourne), 27 April 2004, 6. Also ‘study after study shows that [people] will give up passwords if asked in the right way’. See Keith Regan, The Fine Art of Password Protection (2003) E-Commerce Times. http://www.ecommercetimes.com/story/21776.html at 20 March 2012. In those cases where social engineering is unsuccessful or not applicable, passwords can be cracked through a range of software which is readily available in the marketplace. For example, L0phtCrack is a widely available software that can be used to crack open a password. In a recent study, it was found that more than 99 % of passwords used in e-commerce can be effortlessly cracked using the L0phtCrack 5 software. An astounding 90 % of the passwords were found to be cracked within a minute. See Cazier and Medlin, above n 98. For a list of software available that can be used to crack or recover passwords, see Free Download Manager Software Downloads Site. http://www.freedownloadmanager.org/download.htm/ at 5 March 2012.

  99. 99.

    Craig Donovan, Strong Passwords (2002) SANS Institute. http://www.giac.org/paper/gsec/43/strong-passwords/100348 at 15 March 2012.

  100. 100.

    See Don Davis, ‘Compliance Defects in Public-key Cryptography’ (Paper presented at the 6th Conference on USENIX Security Symposium, Focusing on Applications of Cryptography, San Jose, CA, 22–25 July 1996).

  101. 101.

    The researcher’s findings are in conformity with scholars’ views on this subject. Scholars believe that there is a high usability barrier to the proper handling of passwords and that they represent one of the most exploitable elements in the chain of security. See J Mulligan and A J Elbirt, ‘Desktop Security and Usability Trade-offs: An Evaluation of Password Management Systems’ (2005) 14(2) Information Systems Security 10, 10.

  102. 102.

    R R Jueneman and R J Robertson Jr, ‘Biometrics and Digital Signatures in Electronic Commerce’ (1998) 38(3) Jurimetrics 427, 428; Davis, above n 100.

  103. 103.

    Mason and Bohm, above n 7, 465.

  104. 104.

    Ibid.

  105. 105.

    In the past few years, smart cards have become more powerful and secure. See Bart Preneel, ‘A Survey of Recent Developments in Cryptographic Algorithms for Smart Cards’ (2007) 51(9) Computer Networks 2223, 2230; Josep Domingo-Ferrer, et al., ‘Advances in Smart Cards’ (2007) 51(9) Computer Networks 2219, 2219; Drugs and Crime Prevention Committee, above n 82, 97. Developments in the field of smart card technology are ongoing. The industry is coming up with a new type of card known as the Network Smart Card. Unlike the traditional smart card that uses the international standard ISO 7816 communication protocol to communicate to a host computer through a smart card reader, a Network Smart Card is not required to follow this protocol. It can communicate directly with local and remote computers using standard Internet protocols. This enables them to provide end-to-end security over the Internet and protect digital identities effectively. See Lu, above n 34, 2234. See also Joaquin Torres, Antonio Izquierdo and Jose Maria Sierra, ‘Advances in Network Smart Cards Authentication’ (2007) 51(9) Computer Networks 2249.

  106. 106.

    J Kingpin, ‘Attacks on and Countermeasures for USB Hardware Token Devices’ (Paper presented at the 5th Nordic Workshop on Secure IT Systems Encouraging Co-operation, Reykjavik, Iceland, 12–13 October 2000) 35.

  107. 107.

    More recently, biometrics has also been combined with server centric PKI where the subscriber/user’s private key is stored on a centralised server and access is granted through his biometrics. However, the technology is still at an immature stage and the cost is too high. See A Jancic and M J Warren, ‘PKI-Advantages and Obstacles’ (Paper presented at 2nd Australian Information Security Management Conference on Securing the Future, Perth, Australia, 26 November 2006).

  108. 108.

    Paul Reid, Biometrics for Network Security (2004) 10.

  109. 109.

    See above n 75.

  110. 110.

    See Leigh Funston, ‘Biometric Technology Shines’ (2007) (June) Australian National Security Magazine 28.

  111. 111.

    Andrea Klein, ‘Building an Identity Management Infrastructure for Today … and Tomorrow’ (2007) 16(2) Information Systems Security 74, 74.

  112. 112.

    Such software can remotely back up data from the individual’s computer by bypassing the operating system protections such as passwords used to secure the contents on his computer. In addition, the KeyLogging software, which can record key strokes and capture passwords, can also be downloaded from the Internet. A hacker can use such software to perform attacks on password-protected files such as an electronic signature stored on a computer’s hard disk. See especially Burnett and Paine, above n 80, 7. See generally Jeordan Legon, Student Hacks School, Erases Class Files (2003) CNN.com 11 June 2003. http://www.cnn.com/2003/TECH/internet/06/10/school.hacked/index.html at 12 March 2012.

  113. 113.

    An intranet is a network of computers within an organisation. The Intranet may or may not be connected to the global Internet. Examples of Intranet are the local area network (LAN), the metropolitan area network (MAN) and the wide area network (WAN).

  114. 114.

    The phrase loose lips sink ships comes from a US war propaganda slogan during World War II. It was an attempt of the Office of War Information to limit the possibility that people might inadvertently give useful information to enemy spies. This was one of several similar slogans which all came under the campaigns basic message – ‘Careless Talk Costs Lives’. See The Phrase Finder. http://www.phrases.org.uk/meanings/237250.html at 14 March 2012.

  115. 115.

    A good practice is to use a password which is a combination of symbols, numbers and letters. See Peter P Swire, ‘A Model for when Disclosure Helps Security: What is Different about Computer and Network Security?’ (2004) 3 Journal on Telecommunication & High Technology Law, 163, 190.

  116. 116.

    In reality, there should be two passwords. One password should be used to secure access to the computer and the other to secure access to the electronic signature. Also, the two passwords should be different to enhance security.

  117. 117.

    Readers may argue that electronic signatures stored on a smart card may be susceptible to Internet risks. This would happen when during the process of signing a document the smart card is connected to the computer that is in turn connected to the Intranet/Internet. During that period, a remote attack is possible on the electronic signature. However, since the smart card is in contact with the Intranet/Internet for only a very short period, this threat is minimal as compared to when electronic signatures are stored on a computer’s hard disk which is often connected permanently to the Internet/Intranet. However, the Network Smart Card can overcome this problem to a considerable extent. See Hong Qian Karen Lu, ‘Network Smart Card Review and Analysis (2007) 51(9) Computer Networks 2234, 2234. See also Joaquin Torres, Antonio Izquierdo and Jose Maria Sierra, ‘Advances in Network Smart Cards Authentication’ (2007) 51(9) Computer Networks 2249.

  118. 118.

    Note that the former federal government was planning to introduce the national identity card that would have used the smart card technology. The intention was to replace a number of existing cards, including the Medicare card and various benefit cards issued by Centrelink and the Department of Veterans’ Affairs with the ID card. Had this project been implemented, it would have most likely familiarised users with the smart card technology given the broad-based use of Medicare and Centrelink cards. For issues related to such cards, see Graham Greenleaf, ‘Function Creep – Defined and Still Dangerous in Australia’s Revised ID Card Bill’ (2008) 24(1) Computer Law & Security Report 56; Graham Greenleaf, ‘Australia’s Proposed ID Card: Still Quacking like a Duck’ (2007) 23(2) Computer Law & Security Report 156; Margaret Jackson and Julian Ligertwood, ‘Identity Management: Is an Identity Card the Solution for Australia?’(2006) 24 Prometheus 379; Margaret Jackson and Julian Ligertwood, ‘The Health and Social Services Access Card: What will it mean for Australians?’ (Paper presented at the Financial Literacy, Banking and Identity Conference, Melbourne, Australia, 25–26 October 2006).

  119. 119.

    The fingerprint sensor works as follows: The user places his finger on the sensor area of the smart card once it is inserted into the reader. The feedback on access or denial is given through a green or red light embedded within the card. Note that the cost of these cards currently varies from US$40–US$60. See BT Today, ‘A Standards-based Biometric Smart Card – At What Cost?’ (2008) 16(1) Biometric Technology Today 3, 3. See also Denis Praca and Claude Barral, ‘From Smart Cards to Smart Objects: The Road to New Smart Technologies’ (2001) 36(4) Computer Networks 381, 386.

  120. 120.

    Thomas R Peltier, ‘Implementing an Information Security Awareness Program’ (2005) 14(2) Information Systems Security 37, 37.

Author information

Authors and Affiliations

  1. Business law and Taxation, Monash University, Melbourne, Victoria, Australia

    Aashish Srivastava

Authors
  1. Aashish Srivastava
    View author publications

    You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer India

About this chapter

Cite this chapter

Srivastava, A. (2012). Security Issues Driving the Non-acceptance of Electronic Signatures. In: Electronic Signatures for B2B Contracts. Springer, India. https://doi.org/10.1007/978-81-322-0743-6_5

Download citation

Publish with us

Policies and ethics

Search

Navigation