pal gov.tutorial6.session6.digital signature & e evidence
TRANSCRIPT
1PalGov © 2011 1PalGov © 2011
أكاديمية الحكومة اإللكترونية الفلسطينية
The Palestinian eGovernment Academy
www.egovacademy.ps
Dr. Samer Najjar Dr. Feras Milhem
Tutorial 6: The Legal Framework of New Technologies
Session6
Digital Signature & e-evidence
2PalGov © 2011 2PalGov © 2011
About
This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the
Commission of the European Communities, grant agreement 511159-TEMPUS-1-
2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.ps
University of Trento, Italy
University of Namur, Belgium
Vrije Universiteit Brussel, Belgium
TrueTrust, UK
Birzeit University, Palestine
(Coordinator )
Palestine Polytechnic University, Palestine
Palestine Technical University, PalestineUniversité de Savoie, France
Ministry of Local Government, Palestine
Ministry of Telecom and IT, Palestine
Ministry of Interior, Palestine
Project Consortium:
Coordinator:
Dr. Mustafa Jarrar
Birzeit University, P.O.Box 14- Birzeit, Palestine
Telfax:+972 2 2982935 [email protected]
3PalGov © 2011 3PalGov © 2011
© Copyright Notes
Everyone is encouraged to use this material, or part of it, but should properly
cite the project (logo and website), and the author of that part.
No part of this tutorial may be reproduced or modified in any form or by any
means, without prior written permission from the project, who have the full
copyrights on the material.
Attribution-NonCommercial-ShareAlike
CC-BY-NC-SA
This license lets others remix, tweak, and build upon your work non-
commercially, as long as they credit you and license their new creations
under the identical terms.
4PalGov © 2011 4PalGov © 2011
ILOs
• Introduce students with the rules of e-evidence as well as digital signature in Palestine.
والتوقع األلكترون ف مقدمة عن قواعد األثبات القانون•فلسطن
• Explain the importance of e-evidence and digital signature in general and for the e-government in particular
بان أهمة قواعد االثبات القانون والتوقع األلكترون •. بشكل عام، وللحكومة األلكترونة بشكل خاص
5PalGov © 2011 5PalGov © 2011
e-evidence
اإلثبات القانوني
– Digital evidence or electronic evidence is any probative information stored or transmitted in digital form that a party to a court case may use at trial.
– Before accepting digital evidence a court will determine if the evidence is relevant, whether it is authentic, if it is hearsay and whether a copy is acceptable or the original is required.
األدلة الرقمة أو اإللكترونة األدلة الثبوتة أة معلومات مخزنة –.أو منقولة ف شكل رقم الت قد تستخدم ف المحاكمة
قبل قبول األدلة الرقمة سوف تقوم المحكمة بتحدد ما إذا كانت –.األدلة مقبولة
6PalGov © 2011 6PalGov © 2011
e-evidence Found in
موجود في
– e-mails
– digital photographs
– ATM transaction logs
– word processing documents
– instant message histories
– files saved from accounting programs
– spreadsheets
– internet browser histories
– databases
– Contents of computer memory
– Computer backups
– Computer printouts
– Global Positioning System tracks
– Logs from a hotel’s electronic door locks
– Digital video or audio files
7PalGov © 2011 7PalGov © 2011
Legal foundation of e-evidence
اإلطار القانوني
- Absence of such a special law.
.غاب إطار قانون خاص-
- No case law available from Palestinian courts
غاب سوابق قضائة من محاكم فلسطنة -
- No any regulation of technologies to approve authentications such as digital signature
( التصدق االلكترون)ال وجد قانون نظم التوثق -
8PalGov © 2011 8PalGov © 2011
Evidence law 2001
2001قانون البينات
- No substantive rules to govern e-evidence
ال توجد قواعد جوهرة تنظم االثبات القانون-
- Only scattered rules: فقط قواعد مبعثرة وغر كافة
• Article 19: Correspondence and telegrams, telex, fax and e-mail, have the force of evidence if it originally filed in the Office of Export, signed by the sender. The cables are identical to the origin until proven to the contrary.
تكون للبرقات ومكاتبات التلكس والفاكس والبرد اإللكترون هذه القوة أضا إذا •كان اصلها المودع ف مكتب التصدر موقعا علها من مرسلها، وتعتبر البرقات
.مطابقة ألصلها حتى قوم الدلل على عكس ذلك
9PalGov © 2011 9PalGov © 2011
Evidence law 2001
2001قانون البينات
- Chapter 3 of the law stipulates that the
accounting records of merchants
constitute a proof against them
whether these records are on paper or
digital.
إعتبر الجزء الثالث من القانون أن الدفاتر التجارة حجة -
ولس على . على أصحابها سواء كانت ورقة أو رقمة
. الغر
10PalGov © 2011 10PalGov © 2011
The Law of Securities No. 12 of 2004
2004قانون األوراق المالية
- The Law legally acknowledged the
digital evidences in Securities related
disputes (article 101)
على الرغم مما ورد ف أي تشرع آخر، فإنه جوز -
اإلثبات بقضاا األوراق المالة والمعامالت الت تتم لدى
الهئة والسوق بواسطة البانات اإللكترونة أو الصادرة
عن الحاسوب وتسجالت الهاتف ومراسالت أجهزة
(101مادة . )التلكس والفاكسمل
11PalGov © 2011 11PalGov © 2011
What is needed to be done
ما يمكن عمله
• In some countries, a special law is
adopted, eg., Canadian E-evidence
Law.
ف بعض الدول، تم تبن قانون خاص باألثبات •
.القانون
• Some countries included scattered
rules in relative legislation. Eg. E-
commerce law or e-transaction law.
ف دول أخرى تم تضمن نصوص ف قوانن مختلفة •
مثل قوانن التجارة أو المعامالت االلكترونة
12PalGov © 2011 12PalGov © 2011
What is needed to be done
ما يمكن عمله
• UNCITRAL assigned some rules on e-
evidence and suggestions to assure
authentication and overcome security
difficulties
(This will be discussed later under e-
commerce section)
13PalGov © 2011 13PalGov © 2011
Some thing to think about
• Can the Palestinian courts weight an
email as a proof in a court litigation.
هل تستطع المحاكم الفلسطنة اإلعتماد على رسالة •
. إلكترونة كدلل إثبات ف قضة أمام المحاكم
14PalGov © 2011 14PalGov © 2011
Summary
• Palestine lacks the legal foundation of
E-evidence, amendments to exiting
laws or a harmonized law should be
adopted.
. تفتقر فلسطن إلى إطار قانون ناظم للتوقع األلكترون•
جب تبن إما تعدالت على قوانن قائمة أو تبن قانون
. شامل
15PalGov © 2011 15PalGov © 2011
References
• Palestinian Law on Evidence of 2001.
• Palestinian Law on Securities Law 2004.
• Palestinian Draft e-transactions law.
• CRIDS, University of Namur, PowerPoint Presentation on E-evidence, 2011.
• Interview with Dr. Amin Dawas, Arab-American University of Jenin 5 Oct. 2011.
• http://www.uncitral.org/pdf/english/texts/electcom/05-89450_Ebook.pdf
16PalGov © 2011 16PalGov © 2011
Digital Signature التوقيع الرقمي
• Dr. Samer Najjar
17PalGov © 2011 17PalGov © 2011
Digital Signature, what is it?
• A digital signature is an electronic
signature produced by a code (software)
that can be used to authenticate the
identity of the sender of a message or the
signer of a document.
التوقع الرقم هو توقع الكترون ناتج عن استعمال •
برنامج خاص، ومكن استخدامه للتأكد من هوة المرسل
لرسالة او لمن وقع وثقة الكترونة
18PalGov © 2011 18PalGov © 2011
Digital Signature, what is it?
• It can be used to ensure that the
original content of the message or
document that has been sent is
unchanged.
كذلك مكن استخدامه للتاكد من ان محتوى الرسالة او •
الوثقة االصلة المرسلة الكترونا لم تغر
19PalGov © 2011 19PalGov © 2011
Digital Signature
• A digital signature can be used with any kind of message, whether it is encrypted or not, simply so that the receiver can be sure of the sender's identity and that the message arrived intact. *
التوقع الرقم مكن استخدامه ألي نوع من الرسائل سواء •كانت مشفرة ام ال، وستعمل حتى تأكد المستلم ان السالة
المستلمة لم حدث لها اي تغر
* Global e-securirty:4th International conference, ICGe, 2008, edited by Hamid Jahankhani, Kenneth Revett, Dominic Palmer-Brown - 2008 - Business & Economics - 310 pages.
20PalGov © 2011 20PalGov © 2011
Digital Signature
• A digital certificate contains the digital
signature of the certificate-issuing
authority so that anyone can verify that
the certificate is real.*
الشهادة الرقمة تحتوي على التوقع الرقم للجهة •
المصدرة بحث ستطع اا كان التحقق من ان الشهادة
اصلة* Ran Canetti: Universally Composable Signature, Certification, and
Authentication
21PalGov © 2011 21PalGov © 2011
Digital Certificate
Digital Certificate:
Digital Certificate provides a means of proving one’s identity in electronic transactions.
A Digital Certificate is issued by a Certification Authority (CA) and signed with the CA's private key.
Normally it contains:
• Owner's public key
• Owner's name
• Expiration date of the public key
• Name of the issuer (the CA that issued the Digital Certificate)
• Serial number of the Digital Certificate
• Digital signature of the issuer
22PalGov © 2011 22PalGov © 2011
Digital Signature
• Digital signatures: التوقيعات الرقمية
- Cannot be sent by itself المكن ارساله لوحده
- Identifies the signatory تحدد هوة المرسل
- Easily transportable, مكن نقله بسهولة
- Cannot be forged, ال مكن تزوره
- Can be automatically time-stamped.
خاتما للزمن بشكل اوتوماتك اعطاؤهمكن
23PalGov © 2011 23PalGov © 2011
How it works
• Send a document from A to B by e-mail:
- “A” writes document in his email
- By using special software, “A”, gets a
message hash, which can be thought of
as message summary
- “A”, uses private key to encrypt the hash
- This encrypted hash is the digital
signature of this document
24PalGov © 2011 24PalGov © 2011
How it works
• Send a document from A to B by e-mail:
- “B” receives the document by his email
- “B”, makes a hash of the message
- “B”, uses the public key provided to him by
“A” to decrypt the hash
- If the hashes match the message and
identity of “A” are verified
25PalGov © 2011 25PalGov © 2011
Digital Signature Standard (DSS)
• Digital Signature Standard (DSS):*
- is a digital signature algorithm (DSA), that
calculates two large numbers within
parameters to authenticate e-documents
- Developed by U.S. National Security
Agency (NSA) in 1994
- It has become the US government standard
for authentication of electronic documents.* Recommendation for Key Management -- Part 1: general, NIST Special Publication 800-57, p. 62–63
26PalGov © 2011 26PalGov © 2011
References
• Recommendation for Key Management -- Part 1: general, NIST
Special Publication 800-57, p. 62–63
• Ran Canetti: Universally Composable Signature, Certification, and
Authentication
27PalGov © 2011 27PalGov © 2011
Session End