workshop on registered electronic mail policies and implementations ankara, 16-17 march 2015 davide...

Workshop on registered electronic mail policies and implementationsAnkara, 16-17 March 2015

Davide [email protected]

The use of electronic signatures and its infrastructures within the REM framework

mailto:[email protected]

A few words on AGCOM

2

AGCOM is an independent and convergent regulatory authority established in 1997 by Law 249/97 for the whole communications system in Italy.

AGCOM is one of the first convergent regulators established in Europe, designed to tackle the challenge posed by the continuous technological developments of the communications sector.

A few words on AGCOM

• AGCOM has the task to regulate the markets, monitor the operators’ compliance to the obligations, enforce its decisions also through the imposition of penalties in the following sectors:

3

• Audiovisual sector

• Electronic communications sector

• Press

• Postal services (following Decree 201/11)

E-Signature and REM

1. Why sign digitally a document that will be sent by REM?

2. Interoperability between e-signature and REM.

3. Legal value and evidential effectiveness of informatics writing.

4

Registered E-Mail (REM)

• Enhanced form of e-mail which provides evidence relating to the handling of an e-mail including proof of submission and delivery.

5

Legal value of REM

• What is proved by a REM receipt?1. That an email (text and documents

attached) has been sent by the sender’s account to its provider.

2. That the email was received by the addressee’s server.

3. That the email was displayed by the addressee.

6

Legal value of REM

• What is not proved by a REM receipt?1. The identity of the signatory of the

document sent.2. The time (place) of the signature. 3. The integrity of the document from time

of signature to moment the document is sent.

7

Identity of the signatory

• Reg. 910/2014, art. 44: «Qualified electronic registered delivery services […] ensure with a high level of confidence the identification of the sender».

• But doesn’t prove that the signatory has the legal power to bind company/public administration to respect the agreement/decisions.

8

Time (place) of the signature

• Reg. 910/2014, art. 44: «Qualified electronic registered delivery services […] ensure with a high level of confidence the date and time of sending, receiving».

• But doesn’t prove the time and the place of signature that could be relevant.

9

Integrity of the document

• Reg. 910/2014, art. 44:«Qualified electronic registered delivery services […] preclude the possibility of the data being changed undetectably».

• But doesn’t prove that the document has not be changed after the signature and before it is sent.

10

E-Signature in Italy

Italy was one of the first countries in the world to equate the legal effects of an electronic document, subscribed with a digital signature, to documents written and subscribed on paper.

11


• The legislative position is controlled by the Codice dell’Amministrazione Digitale (Digital Administration Code, (CAD)), introduced into law by Law Decree 82/2005.

• This legislation served to enable information technology to be used to improve efficiency in the public administration, but its implementation has proceeded very slowly.

12


• The EU Directive 1999/93/EC caused changes to be made to the Italian legislation.

• The Directive aimed to facilitate the use of electronic signatures and contributed to their legal recognition within the Member States of the European Union.

13

• In Italy, the legislation implemented before the adoption of the Directive referred exclusively to public-key encryption.


14

4 types of e-Signature in Italy

1. Electronic signature: the set of data in electronic form attached to or logically associated with other electronic data,

used as method of identification.

15


2. Advanced electronic signature: the set of data in electronic form allowing the identification of the

signatory of the document and providing a unique connection to the signatory.

16


3. Qualified electronic signature: a particular type of advanced electronic signature based on a qualified certificate and created by a secure device for the

creation of the signature.

17


The certificate in this case does not ‘manifest and verify the origin and integrity of an electronic document’, since the sender does not intend to ‘sign’ a document, but simply identify himself.

18


4. Digital signature: a particular type of advanced electronic signature based on a qualified certificate and

a system of cryptographic keys.

19


• Electronic signature

• Advanced electronic signature

• Qualified electronic signature

• Digital signature

20

E-Signature and REM




21

Interoperability e-signature & REM

• Interoperability describes the extent to which systems and devices can exchange data, and interpret that shared data.

• For two systems to be interoperable, they must be able to exchange data and subsequently present that data such that it can be understood by a user.

22


• E-signature standard: ETSI TS 101 733 V1.8.1 (2009-11)– Europe: .p7m– International: .xml

23


• A range of REM services are established across Europe and the number of services are set to grow significantly.

• The lack of standardization might affect interoperability between REM based systems implemented on the basis of different models.

24


• Anyway, the lack of standardization in REM would have no direct affect on e-signature standard or interoperability.

• E-signature could be included in a .p7m file as well as .xml file, and so could be sent as an attachment in a different way.

25

E-Signature and REM




26

Legal value of informatics writing

Concerning value in law, it is necessary to distinguish the following: 1. Writings in which the requirement of written

form under penalty of invalidity2. All other writings, in which the written form

is required only for evidentiary purposes

27


• The probative value of: – an electronic document subscribed with an

electronic signature– an electronic document subscribed with an

advanced, digital or qualified electronic signature

28


• Documents that are signed by digital and qualified electronic signatures are presumed to be signed by the owner of the signature device, unless he proves the contrary.

29

E-Signature and REM

Example

30

E-signature & REM in AGCOM

• AGCOM use e-signature and REM in order to apply the Regulation on Copyright on the Internet.

31


• The intellectual property rights holder sends a claim to AGCOM via the web site www.ddaonline.it filling in a form.

32

http://www.ddaonline.it/

http://www.ddaonline.it/


• The decision is signed by the President and by the Commissioners of AGCOM and then access providers are notified to block the DNS code of the illegal web site.

• Notifications are done using Italian REM (PEC).• If access providers do not respect the AGCOM

order, AGCOM has the power to impose a sanction on them.

33

Thank you for the attention

Avv. Davide Mula [email protected]

34

workshop on registered electronic mail policies and implementations ankara, 16-17 march 2015 davide...

Documents

rem framework slide

electronic document

time of signature

legal value of rem

agcom agcom

rem receipt

place of signature

digital signature