Date post: | 18-Dec-2015 |
Category: |
Documents |
Upload: | esther-campbell |
View: | 216 times |
Download: | 2 times |
Legal Reflexions concerning Digital Archiving
Jos Dumortier
K.U.Leuven University – Belgium
Interdisciplinary Centre for Law & ICT (ICRI)
ECPRD twin seminar Brussels - The Hague 2002______
DIGITALISATION OF PARLIAMENTARY
INFORMATION AND ARCHIVES
Introduction
The law is progressively adapted in order to take account of the electronic environment
Problem remains: how to guarantee securer and trustworthy archival of digital data
Most difficult problem: electronic signatures
electronic signaturesproduced with digital signature tool
Terminology
digital signatures
electronic signatures
Terminology
Electronic Signatures: “all kinds of (electronic) substitutes for hand-
written signatures”
Digital Signatures: one technical solution (public key cryptography) many other applications besides electronic
signatures (seals, envelopes, receipts, …)
European legal framework
E-Signature Directive: open EU market for e-signatures services and products “qualified” e-signatures equivalent to hand-written
signatures
E-Commerce Directive obligation to remove all obstacles for electronic contracts
InterPARES Authenticity Task Force
“Digital signature and public key infrastructure (PKI) were never intended to be, and are not currently viable as a means of ensuring the authenticity of electronic records over time”
Important distinction
1. Digital signatures used as “archivist’s seal”: tool to control the integrity of the archived data
2. Electronic signatures attached to data presented for archival: how to keep the signature intact?
Major difficulty: “migration”
Problem: if the archived data change (even one bit) the signature is no longer valid
Proposed solution: strip the signature before archiving the data and
transform it into metadata the archivist will guarantee the authenticity and
integrity of the data (“trusted archival chain”)
Why is this solution not acceptable?
not compatible with the recently created legal framework
the signature should often remain intact for legal purposes (non-repudiation)
the solution only “shifts” the problem: how to guarantee the archivist’s seal?
Need for standardized solution for archiving digital signatures
First European attempts: ETSI TS 101733: Electronic Signature Formats ETSI TS 101903: XML Advanced E-Signatures
But need for dedicated standardization initiative with more involvement of professional record keepers
ETSI TS 101733
Aim is: how to guarantee security of a signature over a long period of time?
But what about “migration”?
Even if you have a very secured signature, strong enough to remain intact over a long period of time: if one bit in the signed data change, the signature is useless
Our view: even if there is not a “perfect” solution, we need to tacke this issue in the best possible way
Possible measures
reduce need to migrate by using open standardized document formats (e.g. XML)
stimulate secure trusted archival services possibly separate “normal” archival service and
“signature keeping” minimal legal framework (liability, stability, …) develop standards (best practices) supervision is necessary
The debate remains open ..
Jos Dumortier K.U.Leuven UniversityFaculty of Law – ICRI
[email protected]://www.icri.be
The debate remains open ..
Jos Dumortier & Sofie Van Den EyndeK.U.Leuven UniversityFaculty of Law – ICRI
[email protected]@law.kuleuven.ac.be http://www.icri.be