27 West Dean
SALISBURY
Wilts SP5 1JQ
Tel: 01794-341-405
Fax: 01794-340-026
eMail: rp@1sta.net
Internet Keyword: firstalpha
FAO Geoff Smith
Information Security Policy Group
Communications and Information Industries
Directorate
Department of Trade and Industry
Bay 226, 151 Buckingham Palace Road
London SW1 9SS
19th June 2001
Dear Mr Smith,
Re: DTI Consultation on
the EC Electronic Signature Directive 1999/93/EC.
Whilst I do not feel that I am sufficiently
qualified to answer the technical questions in
the DTI Consultation document, I do want to
comment on the implementation of the Digital
Signature Directive. This response should be
considered as being from a layperson's
perspective, although I am familiar with
Government Reports and Bureaucracy having acted
as Clerk to West Dean Parish Council for the last
ten years.
I do have a digital certificate issued by Thawte.com
of South Africa, which guarantees that my emails
are genuine. To assure Thawte that I am who I say
I am, my British Passport has been verified by
three UK-based Thawte Web of Trust Notaries. My
digital certificate has thus been strengthened.
Since Thawte Consulting is a well-established
global Trust Service Provider (TSP), I believe
that the British Government should study the
methodology employed by Thawte and incorporate a
similar implementation into the offices of the UK
Passport Agency. This Government Department
should operate multiple secure servers, to enable
the online verification of British Passports in
issue. Not only would this assist the issuers of
secure digital certificates but provide a method
by which a British Citizen could verify their
identity in the absence of their Passport.
A British Passport application has to be
countersigned by an appropriate person who has
known the applicant for at least two years. Both
an application for a postal vote and a share
transfer form need to be witnessed. Business
documents sometimes require to be notarised by a
solicitor. In each case, a written, signed
verification of identity is based on trust, which
is dependent on the integrity of the individuals
involved. In the event that a fraud is
perpetrated, the paper documents are produced as
evidence.
Ultimately, it is the server log files that
validate the authenticity of an electronic
communication. The date and time of a
communication become as significant as the
postmark on a posted letter. It is my opinion
that the British Government should maintain
secure servers in all departments, starting with
the Passport Agency, that would contain verified
identity information taken from the paper
applications that are already stored for
validation purposes. The secure server log files
will record every instance of access to stored
online documents and enable any abuses to be
recorded for subsequent investigation.
The EC Digital Signatures Directive appears to be
aimed at regulating the commercial operators who
will create the signature devices that will
attach a digital certificate to the paper-based
proof of identity. There should certainly be some
form of regulation for these businesses but it
would be unfortunate if this was to stifle
innovation. The original, witnessed, written
document is unlikely to be replaced by a digital
device in the foreseeable future; therefore, if
legislation is to be enacted, it should address
the experimental nature of the development
environment.
Yours sincerely
Richard Philip Parsons
Delivered by email and FAX at 2:30pm on Tuesday,
19th June 2001.