APPLICATION OF ELECTRONIC SIGNATURES IN TRANSFERRING THE INFORMATION ABOUT SPACE

Transcription

1 APPLICATION OF ELECTRONIC SIGNATURES IN TRANSFERRING THE INFORMATION ABOUT SPACE Agnieszka Gryszczyńska Faculty of Law Cardinal Stefan Wyszyński University tel , Introduction The purpose of this work is to analyse the possibility of using electronic signature in transferring information about space. There will be presented the essence of electronic signature, legal framework established for electronic signature in international law and Polish regulation referring to electronic signature. There will be discussed civil legal consequences of putting signature and possibility of coding and verification with the aid of electronic signature. Due to many functions of electronic signatures, they may be used at different stages of data processing. 1. Functions of electronic signature The main functions of electronic signature may be: Signatures for Identification, serve to prove possessing private key. Signatures and certificates serve only to authenticate the system and identify the person trying to get access (e.g. to server or database). Identification is based on signing the random data sent by server demanding verification for signature and verification the electronic signature put in that way 34. Signatures for Authentication, are put automatically be devices. Signatures for declaration of knowledge, this signature serves to confirm reading or receiving a document Declaration of will Signatures as declaration of will, prove making declaration of will. Confirmation of originality enables to distinguish the original from a copy. Confirmation of integrity ensures detection of changes in signed data. Confirmation of learning about data confirms sending or receiving data 2. Legal base for electronic signature 2.1. Regulation of electronic signature under the model law UNCITRAL UNCITRAL, United Nations Commission on International Trade Law, in 1996 passed a model law on electronic trade, which defines rules of using modern means of communication and gathering information 35. The model law indicates international character of electronic trade. The most important feature of this act is legal acknowledgement of transferring data in electronic form (EDI - Electronic Data Interchange) Art. 7 of the model law regulates electronic signature. Regulation in art. 7 of the model law proved to be insufficient, so UNCITRAL directed the working group to prepare a detailed project on electronic signature. The model law on electronic signatures was passed in The text of the act is accompanied with comments, which aim at ensuring appropriate implementation of the law into domestic law Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures The need for unifying the law regulating trade and electronic signature also acknowledged the European Union. The legal framework for functioning of electronic signature introduces the Directive of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic 34 R. Podpłoński, P. Popis, Podpis elektroniczny, Komentarz, Warszawa 2004, p UNCITRAL Model Law on Electronic Signatures with Guide to Enantment 2001, New York 2002, 131

2 signatures 37. It harmonizes the law of the European Union countries regulating using electronic signature in civil law transactions, establishes legal framework for electronic signatures and some certification services, which is aimed at ensuring good functioning of internal market and using electronic signatures in legal transactions. Its purpose is to make using electronic signature easier and promoting its legal acknowledgment. In this act there are contained legal conditions for electronic signature and defined certification services. The Directive express the rule of technologic neutrality, electronic signatures are not only those based on public key infrastructure (PKI), but they may also be signatures created on the basis of other technologies, provided that they meet legally defined conditions. According to a definition, electronic signature means data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication. Electronic signature cannot be denied legal effectiveness and admissibility on the ground that it is in electronic form, or not based upon a qualified certificate, or not based upon a qualified certificate issued by an accreditied certification-service-provider, or not created by a secure signature-creation device. To ensure confidence and security of electronic commerce, Directive define also advanced electronic signature, which means an electronic signature which meets following requirements: It is uniquely linked to the signatory, It is capable of identifying the signatory, It is created using means that the signatory can mantain under his sole control, It is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable. The Directive was implemented in all state members of the European Union 38, which enables functioning unified system of electronic signatures Electronic signature act of September 18, 2001 Passing the electronic signature law was forced by necessity for adjusting Polish law to the law of the European Union, especially to the Directive of European Parliament and Council 1999/93/WE of December 13, The principal effect of the electronic signature act is making some changes in the civil code and modification art. 60 and 78 of the civil code, which regulate declaration of will and form of legal acts. Passing the electronic signature act was without doubt a very important step in adjusting Polish law to demands of electronic transactions. 3. The essence of electronic signature 3.1. Electronic signature According to article 3 pt 1 of Polish act, an electronic signature are data in electronic form, which together with other data, to which they were attached or with which are logically linked, serve to identify the person putting electronic signature. The term data in electronic form should be understood as every possible representation of information, prepared, stored or sent in electronic form. The act doesn t limit the definition of data in electronic form to data in digital form, that is the form, in which the information is stored or sent in binary form (sequence of zeros and ones). The binary form isn t used for example in data recorded on a video or tape-recorder cassette 39. Therefore, electronic signature is every possible electronic identification of individuals. Wide definition of electronic signature allows to state, that an revealing the sender s data is also an electronic signature O.J. L 013, The legal and market aspects of electronic signatures, Legal and market aspects of the application of Directive 1999/93/EC and practical applications of electronic signatures in the Member States, the EEC, the Candidate and the Accession countries, Study for the European Commission DG Iformation Society, Katholieke Universiteit Leuven, september2003, 39 J. Jacyszyn, J. Przetoki, A. Wittlin, S. Zakrzewski, Podpis elektroniczny, Komentarz do ustawy z 18 września 2001, Warszawa 2002, p R. Podpłoński, P. Popis,..., p

3 3.2. Safe electronic signature Article 3 pt 2 of the act introduces into legal transactions safe electronic signature. This term means an electronic signature which: is matched exclusively to the person putting this signature; is put with the aid of, subjected to the exclusive control of the person putting the signature, safe devices used for putting electronic signature and data used for putting electronic signature and is connected with the data, to which it was attached in the way, that any later changes in these data are recognisable. Putting this signature requires an active participation of the person putting this signature this person must have some attributes (e.g. biometric features while verifying the signature with the aid of iris, specific knowledge giving code or password, specific objects e.g. devices for putting electronic signature). In addition, the signature is in a specific way connected with the data, which ensures integrity of the signed data and certainty, that any later changes will be recognised. Electronic signature is put with the aid of data used for putting electronic signature. Every user can have some data of this kind, thanks to which may put different electronic signatures. Form of signature depends on signed data and data used for putting signature. Safe signature should be put with the aid of devices exclusively controlled by the person putting this signature and data serving to put the signature. According to Polish law, a device for putting signature is hardware and software configured in the way that allows to put electronic signature or certificate with the use of data serving to put electronic signature or certification. 4. Civil law effects of using electronic signature Electronic signature acts in the article 8 introduces a rule, that validity and effectiveness of electronic signature can t be refused only because it is in electronic form or data used for signature verification don t have qualified certificate or haven t been put with the aid of a safe device serving for putting electronic signature. The content of article 8 is based on article 5 pt 2 of the Directive and article 9 of the electronic trade model act from 1996 and article 9 of the directive 2000/31/EC regulating some electronic trade issues. 41 Additionally, the electronic signature act supplemented the article 60 of Polish civil code with the statement, that the will of the subject declaring his will may also be expressed by revealing this will in an electronic way 42. Electronic declaration of will a declaration made with use of information technology, may be expressed by any behaviour of a person, intending to create defined legal effects, taking into account accompanying circumstances, rules of equity and established customs 43. The electronic signature act creates legal conditions for using electronic signature in legal transactions as equal to handmade signature. According to article 5 of the act safe electronic signature verified with qualified certificate creates legal effects defined by law if it is put during validity of this certificate. Data in electronic form with safe signature verified with the aid of valid qualified certificate are legally equal to documents with handmade signatures, except as otherwise stated by law. 5. Coding and verification of data signed with electronic signature. Safety of using electronic signature is based on making it impossible to unauthorized use this signature on behalf of another person. 41 W. J. Kocot, Charakter prawny podpisu elektronicznego, PPH, nr 4/2002, p Borowicz K., Ustawa o podpisie elektronicznym. Komentarz, Bielsko-Biała 2002, Butkiewicz M., Wpływ ustawy o podpisie elektronicznym na formę czynności prawnych, Przegląd Prawa Handlowego 2003/4 p. 30, Drozdowicz M., (Nie)bezpieczny podpis elektroniczny, PPH 2003/1/27, Jacyszyn J., Przetocki J. (red.), Wittlin A., Zakrzewski S., Podpis elektroniczny. Komentarz do ustawy z 18 września 2001 r., Warszawa 2002, Kocot W.J., Charakter prawny podpisu elektronicznego, PPH 2002/4/36; Radwański Z., Elektroniczna forma czynności prawnej, M.Prawn. 2001/22/1107; Szostek D, Podpis elektroniczny - problemy cywilnoprawne, PPH 2002/1/41, Wejman F, Wprowadzenie do cywilistycznej problematyki ustawy o podpisie elektronicznym, Pr.Bankowe 2002/2/37, 43 E. Wyrozumska, Elektroniczne oświadczenie woli w ustawie o podpisie elektronicznym i po nowelizacji kodeksu cywilnego, PPH nr 8/2003, p

4 The safety is realized in three fields: cryptographic (using special coding algorithms), technical (generating cryptographic keys in appropriate conditions and then storing the private key in correct way) and legal (criminal law regulation). At present the method guarantying appropriate safety of creating electronic signatures is based on asymmetric cryptography. Contrary to this method is symmetric cryptography, which uses only one key secret key. In asymmetric cryptography two keys are used. Algorithm is based on using in coding a very big prime, from which may be derived another very big prime. With the aid of the first number the message is coded, with the aid of the other, even though it s different from the firs one, the information may be decoded. One of first implementations of this techniques was a system based on RSA algorithm. The algorithm is based on existence of mathematical functions, which can be easily processed in one way, but it s hard to put it back. The fastness of coding with use of RSA algorithm is affected by length of document. Problem of long signatures was solved by application one-way abbreviation function, thanks to which instead of document, hash value created on the basis of this document is signed. As a result of abbreviation function, document extract is created transforming the content of document into sequence of bits, which doesn t reveal the document content. 44 Hashing ensures uniqueness of abbreviation of message and it is not possible to create two different documents with the same control values. In this way is created so called short electronic signature, which is attached to the original document sent in a public or coded form. Procedure of signing a document with an electronic signature based on asymmetric cryptography with use of abbreviation function, proceeds in the following way. 1. For document X is calculated value h(x), where h is an established hashing function. Hashing function generates one value on the basis of the whole file content. It s not possible to regenerate the file content on the basis of hashing function. 2.Value h(x) is coded by a sender with the aid of private key (electronic signature is put) 3. The sender sends the recipient a file with a document and a document abbreviation value signed with a private key (certificate or qualified certificate should also be attached in order to verify the sender s identity). If the sender would like to keep the sent data secret, may use coding the whole text with the aid of session key. The key used to code the document is coded by the sender with the recipient public key so that the recipient can decode the document. In this case only the recipient may decode the session key using his private key, with which he then decodes the document. 4. After receiving signed document abbreviation, the addressee calculates with the aid of computer the document abbreviation value, which he received. Then he checks if the abbreviation function value received from the sender is equal to function value calculated on the basis of the document. Summary Due to various functions fulfilled by electronic signatures, these signatures may be used at different stages of data processing in spatial information system. Signatures may serve to authenticate in the system the person trying achieve access to server or database, confirm the data integrity or declare the will and knowledge. At international level the basis for using electronic signature was defined in the model acts UNCITRAL and in the European Union law creating legal framework for electronic signature. In Poland electronic signature is regulated by the act of September 18, The term electronic signature is extremely broad, has got general character and means result of using with electronic message a technology, which allows to attribute to this message some features of handmade signature. In Polish law two legally defined electronic signatures may be defined: it s a electronic signature (common) and a safe electronic signature. Additional specific functions has got the safe electronic signature verifying with the aid of the valid qualified certificate. There are many types of electronic signatures. They are described on the basis of many different criteria: e.g. used method, purpose or characteristic of the 44 J. Jacyszyn, S. Zakrzewski, Podpis elektroniczny jako element systemu zabezpieczenia danych w sieci, Rejent, nr 10, X. 2001, p

5 signature. Safety of using electronic signature is based on making it impossible to unauthorized use this signature on behalf of another person. The safety is realized in three fields: cryptographic, technical and legal. An important role in guarantying safety of transactions play also subjects providing certification services, whose task is to verify the people using advanced electronic signatures. Bibliography 1. Borowicz K., Ustawa o podpisie elektronicznym. Komentarz, Bielsko-Biała 2002, 2. Buonomo G., Processo telematico e firma digitale, Milano Butkiewicz M., Wpływ ustawy o podpisie elektronicznym na formę czynności prawnych, Przegląd Prawa Handlowego 2003/4 4. Drozdowicz M., (Nie)bezpieczny podpis elektroniczny, PPH 2003/1/27, 5. Finocchiario G., Firma digitale e firme elettroniche, Milano Gaweł J., Świerczyński M., Wprowadzenie do projektu ustawy modelowej UNCITRAL o podpisach elektronicznych i projekt ustawy modelowej, Kwartalnik Prawa Prywatnego 2001/1 7. Jacyszyn J., Podpis elektroniczny w praktyce notarialnej, Rejent 2003/12 str Jacyszyn, J. Przetoki, A. Wittlin, S. Zakrzewski, Podpis elektroniczny, Komentarz do ustawy z 18 września 2001, Warszawa Jacyszyn, S. Zakrzewski, Podpis elektroniczny jako element systemu zabezpieczenia danych w sieci, Rejent, nr 10, X Kocot W.J., Charakter prawny podpisu elektronicznego, PPH 2002/4/36; 11. Kocot W.J., Elektroniczna forma oświadczeń woli, PPH nr 3/2001, 12. Kocot W.J., Wpływ Internetu na prawo umów, Warszawa Marucha M., Nowa ustawa o podpisie elektronicznym, Monitor Prawniczy 2002/2 Radwański Z., Elektroniczna forma czynności prawnej, M.Prawn. 2001/22/1107; 14. Podpłoński R.,. Popis P, Podpis elektroniczny, Komentarz, Warszawa Prawo Internetu, red. P.Podrecki, Warszawa Rzymowski, M. Kamiński, Podpis elektroniczny, Komentarz, Łódź Szostek D, Podpis elektroniczny - problemy cywilnoprawne, PPH 2002/1/41, 18. Szostek D. Elektroniczna data pewna, PPH 2003/3/19, 19. Szostek D., Dyrektywa Parlamentu Europejskiego i Rady Europy w sprawie podpisu elektronicznego, Rejent, nr 12 (128), Wejman F, Wprowadzenie do cywilistycznej problematyki ustawy o podpisie elektronicznym, Pr.Bankowe 2002/2/37, 21. Wyrozumska E., Elektroniczne oświadczenie woli w ustawie o podpisie elektronicznym i po nowelizacji kodeksu cywilnego, PPH 2003/8/45 135