150 likes | 255 Views
Legal Reflexions concerning Digital Archiving. ECPRD twin seminar Brussels - The Hague 2002 ______ DIGITALISATION OF PARLIAMENTARY INFORMATION AND ARCHIVES. Jos Dumortier K.U.Leuven University – Belgium Interdisciplinary Centre for Law & ICT (ICRI). Introduction.
E N D
Legal Reflexions concerning Digital Archiving ECPRD twin seminar Brussels - The Hague 2002 ______ DIGITALISATION OF PARLIAMENTARY INFORMATION AND ARCHIVES Jos Dumortier K.U.Leuven University – Belgium Interdisciplinary Centre for Law & ICT (ICRI)
Introduction • The law is progressively adapted in order to take account of the electronic environment • Problem remains: how to guarantee securer and trustworthy archival of digital data • Most difficult problem: electronic signatures
digital signatures electronic signatures Terminology electronic signaturesproduced with digital signature tool
Terminology • Electronic Signatures: • “all kinds of (electronic) substitutes for hand-written signatures” • Digital Signatures: • one technical solution (public key cryptography) • many other applications besides electronic signatures (seals, envelopes, receipts, …)
European legal framework • E-Signature Directive: • open EU market for e-signatures services and products • “qualified” e-signatures equivalent to hand-written signatures • E-Commerce Directive • obligation to remove all obstacles for electronic contracts
InterPARES Authenticity Task Force “Digital signature and public key infrastructure (PKI) were never intended to be, and are not currently viable as a means of ensuring the authenticity of electronic records over time”
Important distinction • Digital signatures used as “archivist’s seal”: tool to control the integrity of the archived data • Electronic signatures attached to data presented for archival: how to keep the signature intact?
Major difficulty: “migration” • Problem: if the archived data change (even one bit) the signature is no longer valid • Proposed solution: • strip the signature before archiving the data and transform it into metadata • the archivist will guarantee the authenticity and integrity of the data (“trusted archival chain”)
Why is this solution not acceptable? • not compatible with the recently created legal framework • the signature should often remain intact for legal purposes (non-repudiation) • the solution only “shifts” the problem: how to guarantee the archivist’s seal?
Need for standardized solution for archiving digital signatures • First European attempts: • ETSI TS 101733: Electronic Signature Formats • ETSI TS 101903: XML Advanced E-Signatures • But need for dedicated standardization initiative with more involvement of professional record keepers
ETSI TS 101733 Aim is: how to guarantee security of a signature over a long period of time?
But what about “migration”? • Even if you have a very secured signature, strong enough to remain intact over a long period of time: if one bit in the signed data change, the signature is useless • Our view: even if there is not a “perfect” solution, we need to tacke this issue in the best possible way
Possible measures • reduce need to migrate by using open standardized document formats (e.g. XML) • stimulate secure trusted archival services • possibly separate “normal” archival service and “signature keeping” • minimal legal framework (liability, stability, …) • develop standards (best practices) • supervision is necessary
The debate remains open .. Jos Dumortier K.U.Leuven University Faculty of Law – ICRI jos.dumortier@law.kuleuven.ac.be http://www.icri.be
The debate remains open .. Jos Dumortier & Sofie Van Den Eynde K.U.Leuven University Faculty of Law – ICRI jos.dumortier@law.kuleuven.ac.be sofie.vandeneynde@law.kuleuven.ac.be http://www.icri.be