Out of Court Dispute Settlement

1
Out of Court Dispute Settlement
2
(No Transcript)
3
Precoditions and assumptions 1 Clear policy

• before the start to have written
  recommendations from the beginning towards
• Clear and written borders of responsibility
  between trader/VAN operator/administration.
• Time amendments, cancel, acceptance, decision
• Timers rules when and how to switch to fall-back
  procedure
• Communication logs are useful but archiving of
  messages is the MUST

4
Precoditions and assumptions 2 Clear policy

• Who can sing on behalf of the trader?
• Requirements for delegation/passing of
  responsibilities (the director general -gt a
  deputy -gt (branches) -gt employee). 1 certificate
  versus many1 ?
• Encryption separate certificate versus shared ?
• Administration solution
• who can act on behalf of administration, one
  versus many ( encryption) ?
• 24/7 services ? gta certificate for the system ?

5
Precoditions and assumptions 3 Clear policy

• Responsibility for web-based client application
  maintained by the administraion for trades (Who
  will archive, etc.)
• Will be messages encrypted and how? (Traders
  security and safety policy, esp. internat.
  companies)
• Which messages and which parts encrypt? (if both
  direction -gt to maintane separate list of
  traders certificates envelope information have
  to be in open form)
• Expiration of certificates time stamps are
  really necessary?

6
Precoditions and assumptions 4 Communication
possibilities

• Direct communication between Trader and CA
  active/passive(Trader sends and pulls messages,
  there is not guaranteed delivery of messages to
  Traders on time)
• Direct communication between Trader and CA
  active/active(both Trader and CA are sending
  messages, sending messages to hundreds or
  thousands of Traders is potential problem for CA)
• Indirect communication via VAN operators(active/a
  ctive, convenient for CA, but it is necessary for
  Traders, CA or both to pay for it) c

7
Precoditions and assumptions 5 Communication
possibilities

• Confirmation of delivery - for each message (only
  methods where is the confirmation is possible
  should be allowed e.g. not SMTP)
• Expiration of messages - timers(not valid after
  )
• Make communication logs accessible (on Internet)
  in all cases where it is possible

8
Precoditions and assumptions 6 Communication
possibilities

• Simple web client for SMEs, prosecuted by
  CA(along to TAXUD requirements)
• Complex web client(fully functional, but who is
  responsible for Traders data inside that
  client?, problematic integration with Traders
  IS)
• According to CZ law active/passive communication
  should be possible as a electronic equivalent to
  public desk, message can be considered as
  delivered after designated time
• Prefer asynchronous communication (rem. quota)

9
Precoditions and assumptions 7 Communication
possibilities

• Trusted time stamp is an electronically signed
  certificate from a certifying authority that
  confirms data content at the stated time
• Certif. authorities
• Issuing trusted time stamps for applications and
  end-users
• Issuing trusted time stamps for public
  administration institutions and bussiness
  (agreement)
• Interface Web service (SOAP) and RFC 3161 ASN.1
  service.

10
How to avoid a dispute?
Have better information!

• central registries on central level
• QNCTS application querying tool for customs
  analysts
• Special tools all logs together and searchable
  - AQMC
• Periodical reports and statistics (week, month,
  year)
• Not-closed MRNs older than 4 month
• operational statistics

11
Querying tool (for customs analysts)
12
Be pro-active help traders!
ECR Helpdesk

• Opened 7 days per week and 24 hour per day
• Focused especially for solving Traders problems
• Solves both procedural and technical problems
• Covers all regions in Czech Republic
• ECR Helpdesk team-leaders
• Michal Petrík 596 270 364, email
  m.petrik_at_cs.mfcr.cz
• Milan arec 596 270 360, email
  m.sarec_at_cs.mfcr.cz
• Karel Komon 596 270 369, email komon_at_cs.mfcr.cz

phones 596 270 360 (working days 700
1530) 737 233 762 (outside
working hours) e-mail ecrhelpdesk_at_cs.mfcr.cz
13
Be pro-active help traders!

• Procedural support (intranet web pages)
• Helpline backtracking application (intranet /
  internet)
• Discussion groups for NCTS customs officers
  (intranet)
• Unavailability registration of unavailability
  in common and external domain
• Statistics of solved cases by the ECR Helpdesk
• AQMC AQ Management Console
• Support of problem detection
• Message exchange diagrams - MRN life cycle
  tracking

14
Statistics of cases solved by the ECR Helpdesk
15
All logs together and searchable - AQMC
16
All logs together and searchable - AQMC
17
Tools for traderswww.cs.mfcr.cz/ncts

• Web NCTS client
• No simplified procedure free for any trader
• MRN state checking
• Useful for exception handling includes external
  messages
• Automatic Codelist Update (web service)
• Traders SW everyday synchronization
• Message documentation
• Generated from metadata
• Unavailability in external domain

18
Archiving 1 Why, what and who

• E-Customs means paperless communication too,so
  archiving of messages is necessary
• Messages must be archived including their
  electronic signatures
• Both communication sides CAs and Traders should
  archive messages they receive
• In fact, CZ CA is archiving both - incoming and
  outgoing messages
• There is no applicable law about electronic
  archiving

19
Archiving 2 How long

• Certification authority all information and
  documents for at least 10 years
• Traders (and administrations)
• Customs code 3 years current 4
• Code of Administrative procedure 3 years
  current 4
• but Law about Value Added Tax 10 years curr.
  11

20
Pros Cons of electronic signature
Classical signature
Electronic data
Verification
?
?
Integrity
?
Non-repudiation
Legal validity
Permanent validity
21
Problem of e-archives equipment
electronic form of document?
bits bytes available by usage of appropriate
harware and software
out of date hardware and software
HW
OS
SW
media
22
Problem of e-archives verification of el.
signature
electronic form of document?
bits bytes available by usage of appropriate
harware and software
out of date cryptographic algorithms
expired certificate
ciphering algorithm
revoked certificate
hash algorithm
23
Archiving 3 CZ solution

• It is one of functions of EDI gateway
  independently on communication domain and
  back-end application
• Messages are stored (and later archived) in
  decrypted form, including signatures and their
  public certificates
• Messages are archived from production database,
  after 3 months, in an one month cycle
• After the verification of media actually archived
  messages are deleted from production database

24
Archiving 4 CZ solution

• As a media CDs or DVDs are used, two pieces are
  burned, one is stored at CA, second on another
  place
• Media are checked each half of year and
  potentially re-burned
• There remains only list of message identifiers
  linked to media in the production database
• There is an specialized application to maintain
  all necessary functions

25
Format of e-signature for e-archives
ETSI 101 733
E-signature timestamp
E-signature
policy OID
other attributes
digital signature
timestamp of dig. signature
26
Format of e-signature for e-archives
ETSI 101 733
E-signature timestamp
E-signature
policy OID
other attributes
digital signature
timestamp of dig. signature
27
Technical solutions for digital signing of
e-archives
1. Timestamp after original signing of document
(still valid certificate) 2. Periodical
timestamping
5 years
10 years
15 years
28
Conclusions

• Clear and strict enough policy from the start
  will eliminate lot of next problems
• VAN operators evidences are useful but relay on
  your proofs
• Time stamp desired (but egov. can be strated
  without)
• Court will relay on the report from experts -gt
  prepare the form of proofs, procedure and
  reliability for them (not for the court)

29
Do you have any questions?
ARE YOU READY FOR THE NEXT BIG STEP?
Just do it !