
    The concept of establishment of electronic archive in public administration

    The aim of this PhD thesis is to develop a model of the information system for the long-term storage of electronically signed documents within the public administration domain. For the purpose of building the model, the reference theoretical model for the long-term storage of electronic information objects, OAIS, is elaborated. The responsibilities, components and functional entities of that model are described. Theoretical findings on public key infrastructure (PKI) are covered because of the technologies and concepts that support confidence in electronic records: digital certificate, electronic signature, advanced electronic signature, certificate authority (CA), registration authority (RA), electronic timestamp, etc. The EU Directive 1999/93/EC on a Community framework for electronic signatures was repealed in the EU by the eIDAS regulation (Regulation (EU) No 910/2014). The influence of the eIDAS regulation is far-reaching for the legal regulation of the elements for the long-term preservation of electronically signed records. The regulation also laid out the concept of the qualified trust service provider (for the issuance of certificates, timestamps, etc.). The advanced electronic signature formats XAdES, CAdES and PAdES are covered in particular detail. Such signature formats enable long-term preservation, which makes them particularly interesting. The processes of creation and validation of an advanced electronic signature are described in detail. The term Proof of Existence (PoE) of an electronic signature is recognized as key for this thesis. In studying the long-term preservation of the integrity and authenticity of electronic records with electronic signatures, four preservation strategies are covered: the removal of electronic signatures, keeping track of electronic signatures within the metadata, recording electronic signature validity within the blockchain, and the preservation of electronic signatures. The preservation of electronic signatures was a challenge for this thesis because it is often implicitly defined within legal regulations. The concept of electronic public administration is thoroughly covered (the term, phases, mobile public administration, sectors). To give a better understanding of the importance of archives in electronic public administration, the context of electronic public administration in the European Union and in the Republic of Croatia is described. The author took part in the InterPARES Trust research project, which was based on the analysis of electronic public services. Different aspects of public e-services are analyzed; from the point of view of this work, the results from the area of long-term preservation of electronic records are especially interesting and as such are elaborated in this thesis. Furthermore, the thesis investigates the availability of services and components based on public key infrastructure in the Republic of Croatia that can be efficiently used to build an infrastructure for signing and long-term storage of electronically signed documents. Finally, an analysis of the efficacy of electronic public administrations according to numerous methodologies is presented. A detailed analysis of different aspects of electronically signed documents (interoperability, legal regulation, preservation time period, long-term storage standards) is made. The term electronic document as a substitute for official paper documents issued by public administration is elaborated. Croatian and foreign legal regulations are analyzed. As preparation for the model for the long-term storage of electronically signed documents, an analysis of successful e-archive implementations from Croatia, Germany, Italy, Austria, Lithuania and Estonia is made. One reference model for long-term storage is elaborated and the results of the E-ARK research project are analyzed. Based on the findings from the analysis of successful practices and reference models, the author built a model of the information system for the storage of electronically signed documents. The developed model is based on the OAIS reference model. An important part of the development of this model is the elaboration of the concept of preserving the proof of existence. The use of the RFC 6283 (XMLERS) standard for the Evidence Record Syntax is recommended. In addition, the use of qualified trust service providers for certificates and for timestamps is key to the development of this model. A qualified timestamp also takes on the meaning of an archive timestamp. The developed model implies signature renewal before the algorithms used cease to be suitable. The main purpose of signature renewal is to ensure that the integrity and authenticity of already signed documents remain verifiable. Additionally, timestamps can lose their validity as time passes, so new timestamps must be acquired in time. A solution for the long-term preservation of electronic documents is suggested such that the technological implementation supports the legal framework. Document formats for this model are suggested, as well as the use of the advanced electronic signature format. The formats from the AdES family of signatures are proposed: XAdES, CAdES and PAdES. At the end of the thesis, a proposal is given for setting up an infrastructure for the long-term preservation of electronically signed documents in the Republic of Croatia.

    Comparative analysis of copyright assignment and licence formalities for Open Source Contributor Agreements

    This article discusses formal requirements in open source software contributor copyright assignment and licensing agreements. Contributor agreements are contracts by which software developers transfer or license their work on behalf of an open source project. This is done for convenience and enforcement purposes, and usually takes the form of a formal contract. This work conducts a comparative analysis of how several jurisdictions regard those agreements. We specifically look at the formal requirements across those countries to ascertain whether formalities are constitutive or probative. We then look at the consequences of the lack of formalities for the validity of those contributor agreements.

    From Lord Coke to Internet Privacy: The Past, Present, and Future of Electronic Contracting

    Contract law is applied countless times every day, in every manner of transaction large or small. Rarely are those transactions reflected in an agreement produced by a lawyer; quite the contrary, almost all contracts are concluded by persons with no legal training and often by persons who do not have a great deal of education. In recent years, moreover, technological advances have provided novel methods of creating contracts. Those facts present practitioners of contract law with an interesting conundrum: The law must be sensible and stable if parties are to have confidence in the security of their arrangements; but contract law also must be able to handle changing social and economic circumstances, changes that occur at an ever-increasing speed. Contract law, originally designed to handle agreements reached by persons familiar with one another, evolved over time to solve the problems posed by contract formation that was done at a distance — that is, contract law had developed to handle first paper, then telegraphic, and finally telephonic communications. It has handled those changes very well. In the 1990s, however, things began to change. The rise in computer use by individuals coupled with the advent of the World Wide Web gave rise to two parallel developments, both of which challenged the law of contract formation. Increased computer use created a demand for software programs designed for the consumer market, and those programs were commonly transferred to users by way of standard-form licenses that were packaged with the software and thus unavailable before the consumer paid for the software. Also, parties in large numbers began to use electronic means — the computer — to enter into bargained-for relationships. 
The turn of the millennium brought two electronic contracting statutes, the Electronic Signatures in Global and National Commerce Act (“E-Sign”) and the Uniform Electronic Transactions Act (“UETA”), which removed any doubts that contracts entered into electronically could satisfy the Statute of Frauds. Encouraged by the certainty given by those statutes, internet businesses started offering contract terms on their websites, asking customers to consent to terms by clicking an icon, or by not seeking express assent at all by presenting terms of use by hyperlink. The ease of presenting terms comprised of thousands of words by an internet hyperlink makes it easy for a vendor in its terms of use and terms of service to ask us to give up privacy rights and intellectual property rights. Modern communications technologies therefore make it easier for parties to engage in risky transactions. Nevertheless, we believe that, with few exceptions, the common law of contracts is sufficiently malleable to address the problems arising out of that behavior and where it is not, regulation of contract terms is appropriate. This Article examines those developments.

    Can smart cards reduce payments fraud and identity theft?

    In the United States, when a consumer presents a payment to a merchant, the merchant typically makes a request for authorization before accepting the payment. Personal information, such as an account number, address, or telephone number, is often enough to initiate a payment. A serious weakness of this system is that criminals who obtain the correct personal information can impersonate an honest consumer and commit payments fraud. A key to improving security, and reducing payments fraud, might be payment smart cards. Payment smart cards have an embedded computer chip that encrypts messages to aid authorization. If properly configured, payment smart cards could provide direct benefits to consumers, merchants, banks, and others. These groups would be less vulnerable to the effects of fraud and the cost of fraud prevention would fall. Smart cards could also provide indirect benefits to society by allowing a more efficient payment system. Smart cards have already been adopted in other countries, allowing a more secure payments process and a more efficient payments system. Sullivan explores why smart cards have the potential to provide strong payment authorization and thus put a substantial dent into the problems of payments fraud and identity theft. But adopting smart cards in the United States faces some significant challenges. First, the industry must adopt payment smart cards and their new security standards. Second, card issuers and others in the payments industry must agree on the specific forms of security protocols used in smart cards. In both steps the industry must overcome market incentives that can impede the adoption of payment smart cards or limit the strength of their security.