Legal Reflexions concerning Digital Archiving

1
Legal Reflexions concerning Digital Archiving
ECPRD twin seminar Brussels - The Hague
2002 ______   DIGITALISATION OF PARLIAMENTARY
INFORMATION AND ARCHIVES

• Jos Dumortier
• K.U.Leuven University Belgium
• Interdisciplinary Centre for Law ICT (ICRI)

2
Introduction

• The law is progressively adapted in order to take
  account of the electronic environment
• Problem remains how to guarantee securer and
  trustworthy archival of digital data
• Most difficult problem electronic signatures

3
Terminology
electronic signaturesproduced with digital
signature tool
4
Terminology

• Electronic Signatures
• all kinds of (electronic) substitutes for
  hand-written signatures
• Digital Signatures
• one technical solution (public key cryptography)
• many other applications besides electronic
  signatures (seals, envelopes, receipts, )

5
European legal framework

• E-Signature Directive
• open EU market for e-signatures services and
  products
• qualified e-signatures equivalent to
  hand-written signatures
• E-Commerce Directive
• obligation to remove all obstacles for electronic
  contracts

6
InterPARES Authenticity Task Force
Digital signature and public key infrastructure
(PKI) were never intended to be, and are not
currently viable as a means of ensuring the
authenticity of electronic records over time
7
Important distinction

1. Digital signatures used as archivists seal
   tool to control the integrity of the archived
   data
2. Electronic signatures attached to data presented
   for archival how to keep the signature intact?

8
Major difficulty migration

• Problem if the archived data change (even one
  bit) the signature is no longer valid
• Proposed solution
• strip the signature before archiving the data and
  transform it into metadata
• the archivist will guarantee the authenticity and
  integrity of the data (trusted archival chain)

9
Why is this solution not acceptable?

• not compatible with the recently created legal
  framework
• the signature should often remain intact for
  legal purposes (non-repudiation)
• the solution only shifts the problem how to
  guarantee the archivists seal?

10
Need for standardized solution for archiving
digital signatures

• First European attempts
• ETSI TS 101733 Electronic Signature Formats
• ETSI TS 101903 XML Advanced E-Signatures
• But need for dedicated standardization initiative
  with more involvement of professional record
  keepers

11
ETSI TS 101733
Aim is how to guarantee security of a signature
over a long period of time?
12
But what about migration?

• Even if you have a very secured signature, strong
  enough to remain intact over a long period of
  time if one bit in the signed data change, the
  signature is useless
• Our view even if there is not a perfect
  solution, we need to tacke this issue in the best
  possible way

13
Possible measures

• reduce need to migrate by using open standardized
  document formats (e.g. XML)
• stimulate secure trusted archival services
• possibly separate normal archival service and
  signature keeping
• minimal legal framework (liability, stability, )
  
• develop standards (best practices)
• supervision is necessary

14
The debate remains open ..
Jos Dumortier K.U.Leuven University Faculty of
Law ICRI jos.dumortier_at_law.kuleuven.ac.be http
//www.icri.be
15
The debate remains open ..
Jos Dumortier Sofie Van Den Eynde K.U.Leuven
University Faculty of Law ICRI jos.dumortier_at_la
w.kuleuven.ac.be sofie.vandeneynde_at_law.kuleuven.ac
.be http//www.icri.be