legal reflexions concerning digital archiving

Legal Reflexions concerning Digital Archiving

Jos Dumortier

K.U.Leuven University – Belgium

Interdisciplinary Centre for Law & ICT (ICRI)

ECPRD twin seminar Brussels - The Hague 2002______

 DIGITALISATION OF PARLIAMENTARY

INFORMATION AND ARCHIVES

Introduction

The law is progressively adapted in order to take account of the electronic environment

Problem remains: how to guarantee securer and trustworthy archival of digital data

Most difficult problem: electronic signatures

electronic signaturesproduced with digital signature tool

Terminology

digital signatures

electronic signatures

Terminology

Electronic Signatures: “all kinds of (electronic) substitutes for hand-

written signatures”

Digital Signatures: one technical solution (public key cryptography) many other applications besides electronic

signatures (seals, envelopes, receipts, …)

European legal framework

E-Signature Directive: open EU market for e-signatures services and products “qualified” e-signatures equivalent to hand-written

signatures

E-Commerce Directive obligation to remove all obstacles for electronic contracts

InterPARES Authenticity Task Force

“Digital signature and public key infrastructure (PKI) were never intended to be, and are not currently viable as a means of ensuring the authenticity of electronic records over time”

Important distinction

1. Digital signatures used as “archivist’s seal”: tool to control the integrity of the archived data

2. Electronic signatures attached to data presented for archival: how to keep the signature intact?

Major difficulty: “migration”

Problem: if the archived data change (even one bit) the signature is no longer valid

Proposed solution: strip the signature before archiving the data and

transform it into metadata the archivist will guarantee the authenticity and

integrity of the data (“trusted archival chain”)

Why is this solution not acceptable?

not compatible with the recently created legal framework

the signature should often remain intact for legal purposes (non-repudiation)

the solution only “shifts” the problem: how to guarantee the archivist’s seal?

Need for standardized solution for archiving digital signatures

First European attempts: ETSI TS 101733: Electronic Signature Formats ETSI TS 101903: XML Advanced E-Signatures

But need for dedicated standardization initiative with more involvement of professional record keepers

ETSI TS 101733

Aim is: how to guarantee security of a signature over a long period of time?

But what about “migration”?

Even if you have a very secured signature, strong enough to remain intact over a long period of time: if one bit in the signed data change, the signature is useless

Our view: even if there is not a “perfect” solution, we need to tacke this issue in the best possible way

Possible measures

reduce need to migrate by using open standardized document formats (e.g. XML)

stimulate secure trusted archival services possibly separate “normal” archival service and

“signature keeping” minimal legal framework (liability, stability, …) develop standards (best practices) supervision is necessary

The debate remains open ..

Jos Dumortier K.U.Leuven UniversityFaculty of Law – ICRI

jos.dumortier@law.kuleuven.ac.behttp://www.icri.be

The debate remains open ..

Jos Dumortier & Sofie Van Den EyndeK.U.Leuven UniversityFaculty of Law – ICRI

jos.dumortier@law.kuleuven.ac.besofie.vandeneynde@law.kuleuven.ac.be http://www.icri.be