Legal Issues on PKI & qualified electronic certificates. THIBAULT VERBIEST Attorney-at-law at the Brussels and Paris Bar Professor at the Universities.

Presentation transcript:

Legal Issues on PKI & qualified electronic certificates. THIBAULT VERBIEST Attorney-at-law at the Brussels and Paris Bar Professor at the Universities of Liège and Paris I Sorbonne Chairman of the Internet Rights Observatory

Introduction & awareness case
"E-commerce is seeing rapid growth both for companies as well as for consumers. But without security and trust, financial and commercial transactions via the Internet will not see decisive growth" (EU Commission statement)
Hi my name is G.W. Bush and please transfer $ to

Trust & Security online?
- Technical trust
  - Know your customer
  - Guarantee the integrity of the message
  - Guarantee the confidential character
- Legal trust
  - Admissibility of technical measures
  - Electronic ‘contract’ or instruction is valid and effective.
PKI based solutions
Adequate regulatory framework

Regulatory Framework
- European Union
  - Directive 99/93 on electronic signatures
  - Directive 2000/31 on electronic commerce
- Belgium
  - Act of 20 October 2000 & Act of 9 July 2001
  - Royal Ordinance of 6 December 2002 (CSP)
  - Acts of 11 March 2003 on electronic commerce

Regulatory Framework - Europe
- Directive 1999/93 on electronic signatures
  - Entry into Force: 19 January
  - Implementation by Member States: 19 July
- Main principles
  - Enhance Internal market principles: mutual recognition & cross-border provision; Third Countries?
  - Everybody is free to run a CSP (CA): no prior authorisation / voluntary accreditation?
  - Electronic signatures may not be denied legal effect
  - Technology neutral legislation
  - Cf. notion electronic signature ( )

Regulatory Framework - Belgium
- Act of 20 October 2000:
  - admissibility and legal recognition
  - Modifications of Belgian Civil Code (art. 1322) and Civil Procedure Code
- Act 9 July 2001 on certain aspects of electronic signatures & certification services
- Royal Ordinance of 6 December 2002 on the accreditation of Certification Service Providers (CSP)
BE.SIGN

Regulatory Framework - Act 9 July 2001
- Principle of non-discrimination (art. 4 § 5)
  - An electronic signature cannot be denied legal effectiveness solely on the grounds that it is an electronic one
- Principle of assimilation (art. 4 § 4)
  - hand-written signature = electronic signature IF advanced electronic signature based on a qualified certificate and which is created by a secure-signature-creation device
- Key notions: Advanced electronic signature & qualified certificate

Regulatory Framework - Act 9 July 2001
Notions
- Electronic signature: method of authentication
- Advanced electronic signature: electronic signature that is
  - uniquely linked to the signatory;
  - capable of identifying the signatory;
  - created using means that the signatory can maintain under his sole control; and
  - linked to the data to which it relates in such a manner that any subsequent change of the data is detectable;
Identification, Confidentiality, Integrity

Regulatory Framework - Act 9 July 2001
"qualified certificate": certificate which meets the requirements laid down in Annex I and is provided by a CSP who fulfils the requirements laid down in Annex II;

Regulatory Framework - Act 9 July 2001
Annex I: requirements qualified certificate
- an indication of qualified certificate;
- the identification of the CSP and Member State
- the name of the signatory or a pseudonym
- provision for a specific attribute of the signatory to be included if relevant, depending on the purpose for which the certificate is intended;
- an indication of the term;
- the identity code of the certificate;
- the advanced electronic signature of the CSP issuing it;
- limitations on i) the scope of use or ii) limits on the value of transactions

Regulatory Framework - Act 9 July 2001
Annex II: requirements CSP - qualified certificate
- Must be reliable and ensure the proper functioning of a directory and revocation service;
- Verify the identity and any specific attributes of the person to which a qualified certificate is issued;
- Use trustworthy systems and products which are protected against modification and ensure the technical and cryptographic security of the process supported by them;
- Take measures against forgery of certificates;
- Maintain sufficient financial resources
- Precise terms and conditions regarding the use of the certificate

Regulatory Framework - Act 9 July 2001
Liability of CSP (art. 14)
CSP of qualified certificates is liable for damage caused to any entity or legal or natural person who reasonably relies on that certificate:
- the accuracy of all information
- the assurance that the signatory identified in the qualified certificate held the signature-creation data corresponding to the signature-verification data given or identified in the certificate;
- for assurance that the signature-creation data and the signature-verification data can be used in a complementary manner in cases where the certification-service-provider generates them both;
- In relation to a failure to register revocation of the certificate;
AND the CSP does not prove that he has not acted negligently.

Supervision & Accreditation
- Ministry of Economic Affairs
- Procedure described in the Royal Ordinance of 6 December 2002 on the accreditation of Certification Service Providers (CSP)
- Audit: cf. the requirements
- BE.SIGN accreditation is valid for three years

Final remarks
Q & A