
Chapter 4: Examining the Compatibility of Blockchain with Current Electronic Signature Law

Section 1: Introduction to the U.S. Electronic Transactions Act (UETA)

National Chengchi University


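Subsection 1: Legislative History

I. Background

In 1983 the Apple Lisa, the world's first personal computer with a graphical user interface (Graphic User Interface), was born, narrowing the distance between people and information technology products. In 1980 the U.S. Department of Defense developed the standardized TCP/IP communication protocol, and in 1989 the European Organization for Nuclear Research in Geneva proposed the concept of the WWW (World Wide Web)156, so that geographic boundaries were no longer a barrier to communication. The revolution in information technology and communication brought about by the Internet is regarded as the third industrial revolution and has thoroughly changed human life.

As network technology infrastructure matured, a variety of commercial applications emerged. In 2000 the development of e-commerce entered a boom period. The rapid growth of online electronic transactions lowered transaction costs and improved transaction efficiency, but it also gave rise to many legal problems; the traditional legal framework could no longer accommodate the new and diverse transaction types of the Internet era.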

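II. The Birth of the UETA

In view of this, the United Nations Commission on International Trade Law took the lead by adopting a model law on electronic transactions in 1996 and went on to complete model rules on electronic signatures in 2000. The model law sets out standards on electronic contracts, the validity of electronic documents, written signatures, arbitration and related issues for countries to consult.

As a leader in the development of information technology and e-commerce, the United States saw Utah pass its electronic signature law (Utah Digital Signature Act) as early as 1995, and other states followed by enacting their own electronic signature laws, in order to meet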

156 Terry Chen, 台灣網路編年史(一):1968 年至 2008 年 [Taiwan Internet Chronicle (1): 1968 to 2008], available at: http://tesa.today/article/700 (last visited: July 1, 2019)

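Transactions Act, hereinafter "UETA")", which provided a reference standard for the electronic signature laws of the states157

At present, of the 50 U.S. states, all except the State of Illinois, the State of New York and the State of Washington, 47 states in total, have passed electronic signature laws based on the UETA158.

Signatures Act" (the Electronic Signatures in Global and National Commerce Act, hereinafter "E-SIGN").

E-SIGN does not differ from the UETA in its legislative principles or in its provisions on electronic records and electronic signatures,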

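157 The Uniform Law Commission is a non-profit, unincorporated association that aims to promote uniformity among the laws of the states. Its members include judges, lawyers, legislators and state representatives, but because it is an unofficial organization, the model acts (Model act) and uniform acts (Uniform act) it drafts are only advisory and, unlike laws enacted by a national legislature, have no binding force.

158 Statistics on U.S. states' adoption of the UETA, available at: http://www.uniformlaws.org/Act.aspx?title=Electronic%20Transactions%20Act (last visited: July 1, 2019)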

159 Stephanie Curry, Washington’s electronic signature act: An anachronism in the new millennium, 88 Wash.L.Rev 559, 560-561 (2013)

160 Summary of Bills Pertaining to Electronic Signatures and Authentication in the 106th Congress, available at: http://techlawjournal.com/cong106/digsig/Default.htm (Last visited on 2019/07/01)

161 15 U.S.C. § 7002(a)(1) ‘In general. A State statute, regulation, or other rule of law may modify, limit, or supersede the provisions of section 7001 of this title with respect to State law only if such statute, regulation, or rule of law—

(1) constitutes an enactment or adoption of the Uniform Electronic Transactions Act as approved and recommended for enactment in all the States by the National Conference of Commissioners on Uniform State Laws in 1999, except that any exception to the scope of such Act enacted by a State under section 3(b)(4) of such Act shall be preempted to the extent such exception is inconsistent with this subchapter or subchapter II, or would not be permitted under paragraph (2)(A)(ii) of this subsection;’

162 Patricia Brumfield Fry, Introduction to the Uniform Electronic Transactions Act: Principles, Policies and Provisions, 37 Idaho L.Rev. 237, 249-50(2001)


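the legal effect of electronic records.

(2) Legal effect does not differ according to the transaction method the parties choose. Whether a transaction is conducted electronically or in writing, the same legal principles should apply.

(3) The law must remain neutral. The law should not restrict or favor any particular transaction method or technology; electronic technology should be treated the same as traditional paper-based transactions, without discrimination. Moreover, the law should not be used to decide which transaction model the market should adopt.

(4) It should be ensured that, even if technology and commercial practice change in the future, the rules enacted today will not become an obstacle to the development of e-commerce.

(5) Electronic signature law is procedural in nature; its provisions should avoid affecting existing substantive law governing transactions.

(6) Electronic transactions and electronic records management should be governed by the same legal rules as traditional paper documents; legislation should not be split off or enacted anew.

(7) The law should give electronic transactions legal certainty and recognize their enforceability.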

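Subsection 3: Provisions of the UETA

Paragraph 1: Types of Electronic Signature

I. Definition

Under Section 2(8) of the UETA, an "electronic signature" means an electronic sound, symbol, or process attached to or logically163 associated with a record and executed or adopted by a person with the intent to sign the record164; the UETA does not, however, further distinguish types of electronic signature.

163 According to the Uniform Electronic Transactions Act (1999) with Prefatory Note and Comments published by the Uniform Law Commission, an electronic signature, unlike a paper signature, has no physical medium such as paper or a document to which it is attached and therefore no tangible form; the term "logically associated with" is used to indicate that an electronic signature is an intangible form in which an algorithm makes the signing source of electronic data or a document identifiable.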

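164 UETA§2.8(1999), ‘“Electronic signature” means an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.’ (Following the translation by Professor 馮震宇 in 《美國電子交易法制論我國電子簽章法》, Chengchi Law Review, p. 201.)

Illinois), the State of New York and the State of Washington have not directly adopted the UETA, and only a few of the states that have adopted the UETA have enacted rules on certificate authorities; the following takes one that has express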

165 UETA §7(1999) , ‘

(a) A record or signature may not be denied legal effect or enforceability solely because it is in electronic form.

(b) A contract may not be denied legal effect or enforceability solely because an electronic record was used in its formation.

(c) If a law requires a record to be in writing, an electronic record satisfies the law.

(d) If a law requires a signature, an electronic signature satisfies the law.’

166 UETA §7 comment1, p26, available at

http://www.uniformlaws.org/shared/docs/electronic%20transactions/ueta_final_99.pdf (Last visited on 2019/07/01)


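was in fact published by the signer (sender). A third-party certificate authority (Certificate Authority) was therefore devised which, by issuing certificates, certifies that the public key does belong to the signer (sender). A digital certificate links a user's identity to a public key and, like an identity card in the online world, serves an identification function; the certificate authority plays a role like that of a household registration office, responsible for reviewing, issuing, revoking and managing proof of personal identity.

Figure 5: Schematic of certificate authority operation (prepared by the author)

Explanation of certificate authority operation in Figure 5:

A. The certificate authority is responsible for issuing public and private keys; the public key is retained at the certificate authority and the private key is distributed to the individual.

B. Party A wishes to send a document to Party B. Party A looks up Party B's digital certificate at the certificate authority and, once Party B's digital certificate is confirmed to be correct, Party A can use the public key corresponding to Party B's digital certificate to encrypt the document, forming a digital signature.

C. Party B receives the ciphertext and decrypts it with Party B's own private key to obtain the document.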
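The certificate check and public-key encryption in steps A to C above, as an added example that is not part of the original thesis. It uses only Node.js's built-in crypto module; the RSA key type, the JSON certificate layout (a simplification, not X.509), the CA name, the party names and the message are all assumptions constructed for illustration.

```javascript
// Added example: constructed names and data; Node.js built-in crypto only.
const nodeCrypto = require('node:crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const newKeyPair = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const toPem = (publicKey) => publicKey.export({ type: 'spki', format: 'pem' });

// Bytes of the certificate fields that the CA signature covers.
const signedFields = (cert) =>
  Buffer.from(JSON.stringify([cert.issuer, cert.subscriber, cert.publicKeyPem]));

// Step A: the CA creates the subscriber's key pair and certifies the public key.
function issueCertificate(ca, subscriber) {
  const { publicKey, privateKey } = newKeyPair();
  const cert = { issuer: ca.name, subscriber, publicKeyPem: toPem(publicKey) };
  cert.signature = nodeCrypto.sign('sha256', signedFields(cert), ca.privateKey).toString('base64');
  return { cert, privateKey };
}

// Step B, first half: check the certificate before trusting the key in it.
function verifyCertificate(cert, expectedSubscriber, caPublicKey) {
  if (cert.subscriber !== expectedSubscriber) return false;
  const sig = Buffer.from(cert.signature, 'base64');
  return nodeCrypto.verify('sha256', signedFields(cert), caPublicKey, sig);
}

// Step B, second half: encrypt to the certified public key (RSA-OAEP).
function encryptFor(cert, expectedSubscriber, caPublicKey, plaintext) {
  if (!verifyCertificate(cert, expectedSubscriber, caPublicKey)) {
    throw new Error('certificate rejected');
  }
  return nodeCrypto.publicEncrypt({ key: cert.publicKeyPem, ...OAEP }, Buffer.from(plaintext));
}

// Step C: the recipient decrypts with the matching private key.
const decrypt = (privateKey, ciphertext) =>
  nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString();

function demo() {
  const ca = { name: 'Example CA', ...newKeyPair() };
  const { cert, privateKey } = issueCertificate(ca, 'Party B');
  const ciphertext = encryptFor(cert, 'Party B', ca.publicKey, 'contract draft');
  // A certificate whose key was swapped no longer matches the CA signature.
  const swapped = { ...cert, publicKeyPem: toPem(newKeyPair().publicKey) };
  return {
    recovered: decrypt(privateKey, ciphertext),
    genuineAccepted: verifyCertificate(cert, 'Party B', ca.publicKey),
    swappedAccepted: verifyCertificate(swapped, 'Party B', ca.publicKey),
  };
}
```

The sender's trust in the public key rests entirely on the CA's signature over the identity and key fields, which is why a certificate with a substituted key is rejected before any document is encrypted to it.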

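II. Definition of a Certificate Authority

Under Minnesota's Electronic Authentication Law, 325K.01 §5 and 325K.01 §22, a "certificate authority" means a person or organization that issues certificates, and under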

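[Figure 5 diagram labels: Party A (sender); Party B (recipient); A. private keys distributed, public keys retained at the certificate authority; B. document signing, signing certificate, digital signature; C. ciphertext received and decrypted with the recipient's own private key]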

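authority must satisfy the following eight conditions to obtain a license168: (1) it must obtain permission from the Minnesota Secretary of State (Secretary of state)169, and the repository in which it stores certificates must be recognized. (2) Its employees, with respect to this field,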

167 Minnesota Statutes 325K.01§5 (2017), ‘Electronic Authentication “Certification authority” means a person who issues a certificate.’;

Minnesota Statutes 325K.01§22 (2017), ‘Person means a human being or an organization capable of signing a document, either legally or as a matter of fact.’;

Minnesota Statutes 325K.05§4 (2017), ‘Certificate means a computer-based record that:

(1) identifies the certification authority issuing it

(2) names or identifies its subscriber

(3) contains the subscriber's public key; and

(4) is digitally signed by the certification authority issuing it.’

168 Minnesota Statutes 325K.05§1 (2017), ‘To obtain or retain a license, a certification authority must:

(1) be the subscriber of a certificate issued by the secretary and published in a recognized repository;

(2) employ as operative personnel only persons who have not been convicted within the past 15 years of a felony or a crime involving fraud, false statement, or deception;

(3) employ as operative personnel only persons who have demonstrated knowledge and proficiency in following the requirements of this chapter;

(4) file with the secretary a suitable guaranty, unless the certification authority is a department, office, or official of a federal, state, city, or county governmental entity that is self-insured;

(5) use a trustworthy system, including a secure means for limiting access to its private key;

(6) present proof to the secretary of having working capital reasonably sufficient, according to rules adopted by the secretary, to enable the applicant to conduct business as a certification authority;

(7) register its business organization with the secretary, unless the applicant is a governmental entity or is otherwise prohibited from registering;

(8) require a potential subscriber to appear in person before the certification authority, or an agent of the certification authority, to prove the subscriber's identity before a certificate is issued to the subscriber.’

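Under section 325K.11, the certificates that a licensed certificate authority issues to its subscribers (Subscriber)170 carry three kinds of warranty171: 1. absolute warranties (Absolute warranties); 2. negotiable warranties (Negotiable warranties); 3. warranties to those who reasonably rely (Warranties to those who reasonably rely). The first two mainly govern the legal relationship between the certificate authority and the subscriber: absolute warranties cannot be disclaimed by special agreement, whereas negotiable warranties can. The last, warranties to those who reasonably rely, governs the legal relationship between the certificate authority and third parties who rely on the certificates it has issued.

1. Absolute warranties172

This means that a licensed certificate authority bears, toward the subscriber, an absolute warranty with respect to the following matters

169 The functions of the secretary of state differ from state to state, but the main responsibility is usually the state's election affairs, similar to the Central Election Commission, which handles elections in Taiwan. The Minnesota Secretary of State, in addition to election affairs, is also responsible for the recognition and licensing of certificate authorities. (See Minnesota Statutes 325K.01§18 (2017))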

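170 A subscriber is an applicant who applies to a certificate authority for a certificate. The applicant must submit personal information such as date of birth, national identification number and telephone number so that the certificate authority can confirm the applicant's identity.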

171 Minnesota Statutes 325K.11(2017), ‘By issuing a certificate, a licensed certification authority warrants to the subscriber named in the certificate that:

(1) the certificate contains no information known to the certification authority to be false;

(2) the certificate satisfies all material requirements of this chapter; and

(3) the certification authority has not exceeded any limits of its license in issuing the certificate.’

172 Minnesota Statutes 325K.11§1(2017), ‘Absolute warranties to subscribers. By issuing a certificate, a licensed certification authority warrants to the subscriber named in the certificate that:

(1) the certificate contains no information known to the certification authority to be false;

(2) the certificate satisfies all material requirements of this chapter; and

(3) the certification authority has not exceeded any limits of its license in issuing the certificate.’

175 Minnesota Statutes 325K.11§2(2017), ‘Negotiable warranties to subscribers. Unless the subscriber and certification authority otherwise agree, a certification authority, by issuing a certificate, promises to the subscriber:

(1) to act promptly to suspend or revoke a certificate in accordance with section 325K.14 or 325K.15; and

(2) to notify the subscriber within a reasonable time of any facts known to the certification authority that significantly affect the validity or reliability of the certificate once it is issued.’

176 Minnesota Statutes 325K.14§1(2017), ‘(1) upon request by a person identifying himself or herself as the subscriber named in the certificate, or as a person in a position likely to know of a compromise of the security of a subscriber's private key, such as an agent, business associate, employee, or member of the immediate family of the subscriber; or

(2) by order of the secretary under section 325K.10.’

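a. The subscriber named in the certificate, or the subscriber's agent, business associate, employee or immediate family member, requests suspension of the certificate.

3. Warranties to those who reasonably rely178

A licensed certificate authority bears the following warranties toward persons who rely on the certificates it issues: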

177 Minnesota Statutes 325K.14§2(2017), ‘Suspension for 96 hours; other causes. (a) The secretary may suspend a certificate issued by a licensed certification authority for a period of 96 hours, if:

(1) a person identifying himself or herself as the subscriber named in the certificate or as an agent, business associate, employee, or member of the immediate family of the subscriber requests suspension; and

(2) the requester represents that the certification authority that issued the certificate is unavailable.’

178 Minnesota Statutes 325K.11§3(2017), ‘ Warranties to those who reasonably rely. By issuing a certificate, a licensed certification authority certifies to all who reasonably rely on the information contained in the certificate that:

(1) the information in the certificate and listed as confirmed by the certification authority is accurate;

(2) all information foreseeably material to the reliability of the certificate is stated or incorporated by reference within the certificate;

(3) the subscriber has accepted the certificate; and

(4) the licensed certification authority has complied with all applicable laws of this state governing issuance of the certificate.’

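3. Civil penalty

If a certificate authority violates this law, the Department of State may impose a fine on it; the amount collected for each violation may not exceed US$5,000.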

179 Minnesota Statutes 325K.7(2017), ‘

1. Investigation. The secretary may investigate the activities of a licensed certification authority material to its compliance with this chapter and issue orders to a certification authority to further its investigation and secure compliance with this chapter.

2. Suspension or revocation. The secretary may summarily suspend or revoke the license of a certification authority for its failure to comply with an order of the secretary.

3. Civil penalty. The secretary may by order impose and collect a civil monetary penalty against a licensed certification authority for a violation of this chapter in an amount not to exceed $5,000 per incident. In case of a violation continuing for more than one day, each day is considered a separate
