Month: September 2021

Last week an order for 186 double decker trains was nullified due to a legal formality surrounding the Qualified Electronic Signature used to ink the deal. Here, Guillaume Forget, managing director of e-signature specialist,
Cryptomathic GmbH, unpacks what went wrong and highlights what businesses everywhere can learn from the debacle.

On 21^st September 2021, the Swiss-based train manufacturer, Stadler, announced that it lost a €3 billion contract with the Austrian Federal Railways ÖBB due to a legally impermissible electronic signature on the purchase agreement.

The consequences of such a failure are serious. The costs inherent to a multi-billion public tender are counted in millions and the episode could delay delivery by a year or more. And now Stadler has no assurance whatsoever that it will still be awarded the contract.

What went wrong?

From a technical point of view the e-signature was not flawed. It was the surrounding legal framework that failed.

The contract was governed by Austrian Law and needed to be signed with a Qualified Electronic Signature (QES). The Austrian Signature Law is directly derived from EU law, the Electronic Identification and Trust Services (eIDAS) regulation, which warrants that a QES has the equivalent legal effect of a handwritten signature.

Stadler used a QES to sign the contract. So far, so good.

The problem lies with the Trust Service Provider (TSP) used to deliver the signature service. Stadler used a Swiss TSP which means the QES is thereby considered qualified under Swiss Signature Law (ZertES). From a technical point of view, a QES under ZertES and a QES under eIDAS are almost identical. They follow the exact same technical standards together with a very similar certification framework.

The main difference lies in the liability of the services rendered. EU and EEA countries follow the eIDAS framework, which offers cross-border interoperability between all EU and EEA member states. In other words, what is qualified in Germany will have the exact same legal effect as what is qualified in Austria.

This interoperability is, however, strictly limited to the EU member states. The eIDAS and ZertES regulations allow for the possibility to establish a recognition agreement with third-party countries, but, in this case, none had been negotiated or entered into. In 2017, at a Cryptomathic conference in Zurich, the head of the legal data processing unit at the Federal Office of Justice confirmed that even though the underlying standards are the same, interoperability is not automatically provided in the absence of a mutual recognition agreement between the EU and Switzerland.

Inevitibly then, the Austrian Federal Administrative Court declared that Switzerland is not part of the EU and that the jurisdictions are not aligned.

To avoid this procedural flaw, Stadler could have signed using a Qualified Electronic Signature, delivered by a trusted service provider legally domiciled and supervised in an EU or EEA country and duly registered in the EU trusted lists. Any other service provided from third party countries such as Switzerland or the UK would not be fit for purpose.

Most providers including Docusign and Adobe offer, by default, qualified seals or simple electronic signatures. The electronic signatures are admissible in court but do not provide legal certainty; they would not have satisfied the requirements for the Austrian contract.

Key learnings: Multi-jurisdictional deals need legal certainty

This case demonstrates the critical importance of selecting the right e-signature partner and solution provider to ensure that the transaction cannot be repudiated due a procedural flaw. Assurance or even high assurance that the contract is signed is not enough for sensitive operations or high value transactions. Legal certainty is required.

Countries in the EU are in the fortunate position to have a legal framework where certain types of accredited trust services are granted the same legal effect as handwritten signatures. This principle of equivalence means that a document, which is ‘duly’ signed electronically, will be regarded as legally equivalent to the paper-based version with a handwritten signature.

In case of dispute, the burden of proof is in the hands of the opposing party and the TSP is liable for damage. The liability caps are defined with the TSP and usually follow the liability requirements set out in the national law where the TSP is registered. Similar legislation is in place in Switzerland, but there is no mutual recognition yet.

This principle of equivalence is however not present in all jurisdictions. The US eSign Act, for instance, grants legal recognition and court admissibility for electronic signatures and records, but it does not provide full legal certainty.

Regardless of the contract or jurisdiction, here are five golden rules that businesses need to observe to avoid falling into procedural traps:

• There is no legal certainty without a duly performed identification process of the signee.

Solutions where you do not present official ID documents will never allow you to obtain legal certainty. There is a plethora of solutions, which rely only on invites by email, phone or messaging. Without formal ID Proofing, either face to face or remotely, there is no certainty that the signee really is who they claim to be.

• There is no legal certainty if you are not the signee.

Open the signed PDF in Adobe and check the signature panel.Do not rely on the information added in the new document as it has no legal value whatsoever. If you sign as legal or physical person, you should recognise your name as displayed in figure 1, below. If your name is not included here, you are not the legal signee.

• The service provider must be admissible.

There is always a section in your contract which will state which jurisdiction applies for the contract. It is very important to verify that the service provider is legally domiciled in the same jurisdiction or in a jurisdiction that offer cross border interoperability.

Contract	Certificate
Any EU or EEA Law	The provider shall be in the EU Trusted list for QES
Other jurisdiction	Service provider in the same jurisdiction

It is, however, not straightforward to verify where the certificate provider is legally domiciled. On the signature panel, check the certificate details of the issuer as shown on Figure 2 and Figure 3 where we see signatures using TSPs established in the US and in the EU respectively.

Please note that many PDF readers do not present electronic signatures (e.g., Google Chrome).

• There is no legal certainty if the signee does not retain a level of control

One of the easiest ways to spot a potential issue here is to look at the consent mechanism. Generally, a signee needs to demonstrate consent to a signature operation. This consent needs to be strongly bound to the signature operation and is typically provided using two factor authentication, using app or SMS-based one-time passwords.

Any solution that is simply based on username / password or with static mechanism (e.g. scratching a signature on a pad or mobile phone) will not be regarded as sufficiently strong to deliver the level of security required to safeguard against replay or man in the middle attacks.

• Without technical non-repudiation there is no legal certainty

This aspect is more difficult for a non-expert to verify, i.e. to establish the assurance that someone cannot deny the validity of the e-signature. When you read something in your web browser or in your mobile app, how can you be sure that the text you read is genuine, from the right source, and agree on the content it displays?

Cryptomathic introduced the the concept of What You See Is What You Sign (WYSIWYS) and implemented a solution that ensures, with a high degree of assurance, that the document(s) received at the beginning of the signature flow is/are truly rendered to the user, that they provide their wilful consent, that the signed documents have not been altered and are signed for long-term archive. Finally, we also store the logs and can reproduce the visual experience days and years after the signature operation.

The legal framework for awarding contracts electronically with the Austrian Railways is based on Austrian law and incorporates amongst others, the EU regulation on electronic identification and trust services for electronic transactions in the internal market, i.e. all EU and EEA member states.

Any bidder therefore needs to apply a QES issued from a TSP registered in the EU. Similar legislation is in place in Switzerland but, critically, there is no current mutual recognition between the EU and Switzerland that supports the level of legal non-repudiation required by orders of this magnitude.

Most electronic signature providers offer qualified seals or simple electronic signatures by default. These assets are admissible in court but do not provide legal certainty, which is the key issue here.

The bottom line is the lawyers at Stadler should have stressed the importance of the legal domicile of the TSP in this cross border transaction.

If you have questions or need advice to implement your e-signature solution, please do not hesitate to contact Cryptomathic here

The author is Guillaume Forget, managing director of e-signature specialist, Cryptomathic GmbH.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

The post All trains cancelled: How an e-Signature failure derailed a €3bn Swiss-Austrian transport deal appeared first on IoT Now Transport.

Rohde & Schwarz and Vector Informatik are collaborating on closed-loop scenario testing of automotive radar sensors for advanced driver assistance systems (ADAS) and autonomous driving (AD). Coupling the DYNA4 virtual test drive simulation platform from Vector with the latest Rohde & Schwarz radar moving object stimulation system enables powerful verification of safety-critical ADAS functions. These include emergency braking in an integrated hardware-in-the-loop (HiL) environment.

R&S AREG800A opens up a completely new world of possibilities for testing radar-enabled ADAS features.

HiL testing is a technique used to accelerate the development of complex real-time embedded systems such as ADAS in situations where using a fully assembled vehicle is not possible or too costly, time-consuming or dangerous. Instead, the operation and behavior of supporting systems are electronically simulated.

The system setup consists of the Vector DYNA4 virtual test drive software, which provides the environment simulation and the user interface for scenario configuration and test execution, and the Rohde & Schwarz radar test system, which generates dynamic artificial objects for the radar sensor under test based on ASAM OSI object lists implemented in the DYNA4 environment simulation software. Vector CANoe receives the radar sensor’s bus output signals with the objects detected by the radar, and the software then analyses and visualises them. The detected objects are also compared with the simulated ground truth.

The Rohde & Schwarz radar test system comprises the R&S AREG800A automotive radar echo generator as the digital backend and the R&S QAT100 advanced antenna array as the frontend. The solution opens up a completely new world of possibilities for testing radar-enabled ADAS features and ensures the safety of autonomous driving functions in HiL setups. Innovative antenna array technology allows complex artificial objects to be generated for the radar sensors at variable distances and with variable radial velocity, object size and angular direction. Antennas and test equipment do not need be moved physically.

A responsive and dedicated HiL interface that conforms to the ASAM open simulation interface specification allows realistic over-the-air stimulation of radar sensors with challenging, complex and even risky driving scenarios. The radar test system is future-proof thanks to a modular and scalable concept. In addition to offering standard radar based ADAS feature tests such as adaptive cruise control (ACC) and autonomous emergency breaking (AEB) scenarios, the system can be easily upgraded to cover advanced test cases. It can grow to meet the complexity of future scenarios an important step on the way to autonomous driving.

Combining the best of simulation and over-the-air radar stimulation is a significant step forward. The combination accelerates the development of ADAS features and enables users to reliably and realistically test ADAS/AD features and master complex validation processes in a fully controllable and representative environment.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow

The post Rohde & Schwarz and Vector Informatik collaborate on hardware-in-the-loop validation of automotive radar sensors appeared first on IoT Now Transport.