The use of the digital medium as an alternative to the physical medium has created novel legal issues. In the physical world today, there are requirements for documents to be in writing and for hand-written signatures. Such requirements need to be translated into the electronic realm.
What is the ETA?
Singapore, 19 February 2004
The use of the digital medium as an alternative to the physical medium has created novel legal issues. In the physical world today, there are requirements for documents to be in writing and for hand-written signatures. Such requirements need to be translated into the electronic realm.
For communication and transactions occurring over a faceless network, there is a need for reliable methods to authenticate a person's identity and to ensure the integrity of the electronically transmitted documents.
The Electronic Transactions Act (ETA) aims to address these important issues. The ETA was enacted in July 1998 to create a predictable legal environment for electronic commerce, remove existing legal impediments, and to create the legislative framework for electronic transactions in Singapore.
These guiding principles were adopted when the ETA was drafted:
(i) The need to conform to international standards and international models in order to be integrated with the global e-commerce framework;
(ii) The need to avoid over regulation;
(iii) The need to be flexible and technologically neutral to adapt quickly to a fluid global environment; and
(iv) The need for transparency and predictability in our laws.
In general, the ETA seeks to enact a Commercial Code to support e-commerce transactions; enable the use of electronic applications and electronic licences for the public sector; clarify Internet Service Providers' (ISPs) liability for third party content; and, provide for a Public Key Infrastructure.
Salient Features of the Electronic Transactions Act 1998
Commercial Code for E-Commerce Transactions
A commercial code to support e-commerce transactions is required to clearly define the rights and obligations of transacting parties. Therefore, the first objective of the ETA is to set out a commercial code that combines the best features of international models.
The ETA contains provisions dealing with how a contract can be formed electronically by addressing issues of time and place of sending and receipt of electronic messages. It provides legal status on the use of electronic records and signatures and their secure counterparts. The Evidence Act (Cap 97) was also amended in 1997 to allow the use of electronic records as evidence in the courts.
Electronic Applications and Licences for the Public Sector
In order to facilitate the use of electronic transactions in the public sector, the ETA contains an omnibus provision through which government departments and statutory boards can accept electronic filings without having to amend their respective Acts. It allows public bodies to issue permits and licences electronically. The ETA also provides that government departments and statutory boards can specify as regulations, and additional requirements for the retention of electronic records under their purview.
Network Providers' Liability
It is essential for the growth of a national information infrastructure that the exposure of network service providers to the risks of liabilities for third party content be managed. For example, an Internet Service Provider (ISP) should not be held liable for objectionable contents or defamatory statements on the thousands of web sites that are accessed daily, and over which the ISP has no control. The Act provides that a network service provider is not subject to criminal or civil liability for third party materials for which the provider is merely the host.
Where network service providers engage in activities which are indistinguishable from those of common carriers such as telephone companies and post offices, they are given the assurance that they will be treated in the same way, in respect of such activities. The clause, however, will not affect the obligations of a network service provider under any licensing or other regulatory regime established under the law, e.g. Singapore Broadcasting Authority's class licenses. It will also not affect any obligation founded on contract or any obligation imposed under any written law or by a court to remove, block or deny access to any material. Network service providers will of course continue to be liable for their own content, or third party content that they adopt or approve of.
Public Key Infrastructure
Singapore has been developing a public key infrastructure as a foundation for a trusted and secure environment in electronic commerce, and to facilitate the use of electronic signatures. The ETA provides for the appointment of a Controller of CAs, and enable regulations to be made for the licensing of certification authorities (CAs), including recognition of foreign CAs. The Controller will, amongst other duties, license, certify, monitor and oversee the activities of CAs.
| Glossary |
|---|
| Authentication The process of identifying an individual, usually based on username, password, biometrics, cryptography, etc. |
| Certification Authority (CA) A trusted third party who issues digital certificates, and vouches for the identity of the holder of the digital certificate. A CA is a relied-upon entity that issues, publishes, suspends and revokes digital certificates. The CA's basic role is to verify and vouch for the identity of subscribers and to provide certificate management services. A CA acts like a trusted electronic notary public, telling everyone who the valid users are and what their electronic signatures should look like. |
|
Cryptography |
| Digital certificate A digital certificate is an electronic document that ties each person's or organisation's identity to his/her public key. It contains certain digitally signed information, including the identification information of the person to be certified, the public key, purpose and scope of the usage of the key, name of CA, etc. Digital certificates are signed by the CA, so that users can verify that the certificates are authentic. A digital certificate, used in conjunction with the private key, serves as a form of electronic identification, much like a digital passport. |
| Electronic signature An electronic signature is an electronic form of a real world hand-written signature. Instead of applying to paper documents, these electronic signatures are applied to electronic documents. Like hand-written signatures, electronic signatures can be used to prove the authenticity of electronic documents. They can be used to establish the identity of a party, make legal commitments and/or guarantee that the contents of a file or message have not been altered. Someone who reads a document that is digitally signed by you can be assured that the document came from you. In addition, he is also assured of the integrity of the document, i.e., the document is complete and has not been modified in any way. |
| Key A string of digital bits that functions like a key to a lock in the physical world. It may be used to encrypt, decrypt and sign data. |
| Private key In public-key cryptography, private key is the key that is kept private to the user. It is used for decryption and signing. |
| Public key In public-key cryptography, public key is the key that is made known to the general public. It is used for encryption and verifying the authenticity of electronic signatures. |
| Public-key cryptography Public-key cryptography is a kind of cryptographic system that uses two electronic keys. One key is kept private to the user while the other key is made known to the general public. |
| Public-key infrastructure (PKI) A public-key infrastructure refers to the whole system of digital certificates, certificate servers and Certification Authorities (CAs). |
.webp)