Digital signatures pose security risk, says expert

Do we need to worry about government tracing and identity theft?
Written by Will Knight, Contributor

A leading technology expert has warned that digital signatures, an increasingly prevalent Internet security technology, could hail a future devoid of privacy.

Speaking at the International Forum on Surveillance by Design in London, senior cryptographer with specialists in anonymous Internet technology Zero Knowledge Dr Stefan Brands warned that digital signatures might lead to widespread government tracing and identity theft.

Digital signatures provide an Internet user with a unique identity document protected by encryption keys which serves to assure a third party that a document, a message or a transaction comes from who it says it does. The technology may help to soothe consumer fears about the dangers posed by computer hackers and the risks of using credit cards online or sending messages securely.

Although digital signatures may appear to solve many consumer worries, Brand believes that they raise equally pressing questions over liberties. Dr Brands warned that digital signatures could lead to a future where the online movements of citizens can be traced by governments. "These identity signatures are a very dangerous trend," says Brands. "Everything you do can be traced automatically. In the near future identity certificates may be built into anything that contains a computer such as phones and watches."

Brand warned that as well as unwanted surveillance digital signatures could allow for wholesale online identity theft. Digital signatures are already legally admissible in court within the UK and Brand argues that the theft of a digital signature might in the future land someone in serious trouble. "Identity signatures are being pursued worldwide and many people believe they will become a standard."

The movement towards a digital signature-based future may be difficult to halt, however. The Royal Mail announced plans Monday to extend its postal services to the Internet, providing all Internet users with a free, uniquely identifiable digital signature in an effort to bolster security.

Internet users in Britain will be able to get hold of the software needed to create a digital signature and establish a digitally safe identity at one of the 12,000 Royal Mail post offices across the UK from later this year. The software will also be made available for download from the Royal Mail's Web site.

The Royal Mail hopes that its reputation as Britain's postal protector will be decisive in establishing the credibility of these digital documents and will help to ensure that they are broadly adopted.

Digital signatures became law in the UK in May when the E-communications Act came into force. Initially loathed by industry for what it saw as draconian snooping clauses, the act received a cautious welcome from e-businesses and was hailed by e-Minister Patrica Hewitt as historic legislation that would "sweep away pen and paper".

Take me to Surveillance

Are digital signatures a valuable way of ensuring Net security, or the next step towards the erosion of personal privacy? To have your say online click on the TalkBack button and go to the ZDNet News forum.

Let the editors know what you think in the Mailroom. And read what others have said.

Editorial standards