Electronic Forum on Electronic Signature 2010 Summary
On 9 – 11 June 2010 in Amber Baltic Hotel in Międzyzdroje took place the 10th edition of the European Forum on Electronic Signature – EFPE 2010, under the honorary patronage of the Minister of Economy, the European Committee for Standardization (CEN), the Polish Committee for Standardization (PKN) and the Polish Bank Association.
This Europe’s largest annual international conference on electronic signature and PKI was attended by 110 participants from 16 countries in Europe and Asia: Belarus, Belgium, Czech Republic, Germany, Hungary, Italy, Kazakhstan, Lithuania, Moldova, Netherlands, Russia, Spain, Switzerland, Ukraine, United Kingdom (together 51 participants from abroad) and Poland. Attendees represented certification authorities from different countries, software and hardware solutions suppliers, the European Commission, as well as national public administration representatives including the Polish Ministry of Economic, Ministry of Justice and Ministry of Interior and Administration.
The tenth, jubilee edition of EFPE became an occasion to summarize the activities related to electronic signatures and PKI issues since the past 10 years. The conference also allowed to estimate development of practical applications of e-signature and e-identification in Poland, in the European Union, as well as in Russia and other countries.
The main topic of the conference was “European plan on e-signature and e-identity”. A special emphasis in the conference agenda additionally to lectures, presentations and practical workshops was paid to discussions and polemics conducted during two roundtables with participation of representatives of government and business experts, namely:
Electronic signature, interoperability and general electronic services. Are we finally witnessing the beginning of a breakthrough on the European scale?” oraz Electronic identification of a citizen in public services systems – are local solutions leading to isolation or are we going to achieve cross border information exchange?”
As every year, there was an open exchange of views between the participants of the conference in the field of implemented concepts, technologies and solutions. In particular special attention was paid to interoperability problems and cross-border solutions designed for the use within a single country, the European Union, the CIS (Commonwealth of Independent States) and in the wider international scale. Representatives of EU countries agreed with the thesis that in recent years there has been clear progress in creating a legal framework for effective use of electronic communication in business and administration. Attention was also paid to the role of the new electronic signatures services, such as cross-border electronic signature verification or certificates attributes infrastructure.
However mostly discussed issues were related to the risks and barriers blocking the development of information society. Very high emotions aroused presentations and speeches about the need to harmonize acts in different countries with the directives and other EU regulations. As resulting from many speeches related to abovementioned harmonization many countries will have to face problems in adjusting legal systems, unfortunately including Poland. It has been also confirmed by the lively discussion on the draft of the new Polish act on electronic signatures and the draft of act on identity cards. Discussion participants pointed out preferred in our country local solutions of “insular” character which even could be seen as isolation in relation to the European Union.
Strongly discussed was also the necessity of a comprehensive approach in the field of legislative changes. Legal acts should not be created without not having estimated their impact on other regulations, and without the possibility of practical implementation of these laws.
Conference participants repeatedly remarked that according to the European Commission Decision of 16.10.2009 on the recognition of electronic signatures, basic and universally recognizable form of a legally binding signature should be the electronic signature based on a qualified certificate. Precisely in order to implement this idea there has been recently created the EU List of Lists, containing a list of qualified certification authorities operating in different EU countries (TSL lists).
EFPE 2010 Conclusions and recommendations
As a result of numerous discussions the main threats and demands have been identified, that as a final summary were made by a commission in the form of nine EFPE 2010 conference conclusions. Meeting those conclusions, according to the vast majority of the conference participants, should lead to the achievement of interoperability and cross-border exchange of electronic signatures and documents, and thus ensure the successful implementation of the European development plan for electronic signature and electronic identity, therefore:
Coordination of state e-government services, e-Goverment in each country should be conducted at the central level to avoid single departments solutions and lack of interoperability across the entire government.
Each implementation related to electronic communications should apply technology solutions which ensure certain level of security adequate to the identified level of risk. If a transaction requires the signature of the individual person an electronic signature, based on a qualified certificate should be used. This will ensure cooperation between different systems within the particular country and internationally.
Acts and regulations on electronic signatures and electronic documents should not contain detailed technical requirements, but should only refer to the norms and standards. In case of Poland the legitimacy of the inclusion of Polish Committee for Standardization in the legislative work relating to technical requirements has been submitted.
The level of confidence of certification services and other services related to electronic signatures, such as time stamping, verification of electronic signatures and issuing certificates of attributes should be clearly defined, so that the users of these services could be aware of their reliability. For entities providing services with the highest level of reliability similar criteria could be applied, as in the case of entities issuing qualified certificates.
Legal regulations and implementing projects are mainly aimed at solving the problems of public administration, and are not taking strong enough the requirements and expectations of business and individual users or consumers in the field of availability, scope and quality of electronic services into the account.
If we want to ensure electronic document cross-border exchange between the European Union (EU) and other countries special attention should be paid to the decisions of the Commonwealth of Independent States (CIS) on the common customs territory of Russia, Kazakhstan and Belarus, where the role of a trusted Third Party of certification services was indentified, in order to solve the problems related to the interoperability of systems operating in different countries.
There is a strong need for closer cooperation between the relevant committees of the EU and Russia as well as organizations representing the interests of other countries interested in creating legal and technical framework, that will allow to achieve the cooperation in exchanging electronic documents between all countries. It would be beneficial if the representatives participated in the meetings of working groups developing the legal and technical framework of e-documents and e-signature. It is required in order to achieve the possibility of electronic exchange between the UE and the countries of the CIS.
European Union countries creating national system of electronic documents, e-identity should comply with the standards and directives on electronic signatures and e-identification of the citizen in order to achieve interoperability of national systems in various EU countries, and above all, in order to avoid e-inclusion of citizens from different countries in terms of electronic document exchange within the Union.
EU countries should notify all drafts of acts concerning the use of electronic signatures and electronic identity as well as identification in order not to block by the Union the already adopted regulations in the particular countries, which have not undergone prior notification. This case had already happened in the past.
Międzyzdroje, Poland 11.06.2010