Presentation is loading. Please wait.

Presentation is loading. Please wait.

Drt 6455 eCommerce Law lesson 2 – Legal Security Mangement Example of An Act to Establish a Legal Framework for IT associate professor faculty of law university.

Published byMary Diaz Modified over 10 years ago

Similar presentations

Presentation on theme: "Drt 6455 eCommerce Law lesson 2 – Legal Security Mangement Example of An Act to Establish a Legal Framework for IT associate professor faculty of law university."— Presentation transcript:

1 drt 6455 eCommerce Law lesson 2 – Legal Security Mangement Example of An Act to Establish a Legal Framework for IT associate professor faculty of law university of montreal university of montreal chair in e-Security and e-Business law www.gautrais.com

2 2 An Act to establish a legal framework for information technology (Quebec) (L.R.Q. c-1.1)

3 3 Know your Law : Guide Respecting the Management of Technology-based documents - An Act to establish a legal framework for information technology (R.S.Q., C-1.1)Know your Law : Guide Respecting the Management of Technology-based documents - An Act to establish a legal framework for information technology (R.S.Q., C-1.1) (11/2005) Afin dy voir clair Guide relatif à la gestion des documents technologiques

4 4 plan 1 – Legal change, new legislation … a guide 2 – Guiding Principles of the Act 3 – Managing technology-based documents in a secure manner 4 – Use of technology-based documents as evidence 5 – Legal Management of Digital Signature

5 5 1

6 6 2.1illustrations of innovation New risks New technologies New advantages New inconvenients New objectives New words New laws

7 7 2.1.A new risks Ignorance Immateriality Habits Obscurity Internationality Identification of document attributes –Confidentiality –Authentification –Non-repudiation –Disponibility –Integrity

8 8 2.1.B new technologies technology-based document Email = technology-based address Internet « Log » Identifier etc.

9 9 2.1.C new advantages Quick Efficient Transportable Immaterial

10 10 2.1.D new inconvenients Quick Immaterial New Habit Multiplicity Effectivity –Law is not clear (EX: 34) –34. « Where the information contained in a document is declared by law to be confidential, confidentiality must be protected by means appropriate to the mode of transmission, including on a communication network. » –Law is difficult to apply

11 11 2.1.E new objectives Remove barriers to eCommerce –EX: writing –EX: signature –EX: original Precise security –EX: email / SMS –EX: whats means to be secure? protect people –EX: 29 AELFITAELFIT

12 12 identifier etc… transfer documentation certification document technology-based document Life cycle 2.1.F new words

13 13 2.1.G new laws New Processual –EX: SOX Section 404 and Internal control –EX: PIPEDA Schedule 1 –EX: AELFITAELFIT

14 14 2

15 15 2-2-A Technological neutrality Law doesnt favor one technology in particular –EX: Utah, Singapore, Italy, Portugal, Germany, etc. –EX: certification But law need to be a little prescriptive –Neutre doesnt mean silence –Silence in laws EX: Whats the meaning of « Integrity »? EX: 34 AELFITAELFIT

16 16 2-2-A Technological neutrality United Nations Convention on the Use of Electronic Communications in International Contracts (2005)United Nations Convention on the Use of Electronic Communications in International Contracts –8.1. A communication or a contract shall not be denied validity or enforceability on the sole ground that it is in the form of an electronic communication. –9.1 Nothing in this Convention requires a communication or a contract to be made or evidenced in any particular form. AELFIT –5.The legal value of a document, particularly its capacity to produce legal effects and its admissibility as evidence, is neither increased nor diminished solely because of the medium or technology chosen. Chinese Law –Article 7 The use of a data message as evidence may not be refused solely on the grounds of its creation, transmission, receipt or storage in electronic, optical, magnetic or other similar fo

17 17 2-2-B Functional e quivalent What are functions of paper and transpose them to electronic –Document finding a criteria –writing transposable –Signature at each concept –Original –Copy

18 18 2-2-C integrity Main criteria which give some « Legal Value » to a document –Evidence Admissibility Probative force –But what it is?

19 19 writing AELFIT (L.R.Q. c. C-1.1) art. 5AELFIT (2) A document whose integrity is ensured has the same legal value whether it is a paper document or a document in any other medium, insofar as, in the case of a technology-based document, it otherwise complies with the legal rules applicable to paper documents. (…) Where the law requires the use of a document, the requirement may be met by a technology-based document whose integrity is ensured.

20 20 2839. The integrity of a document is ensured if it is possible to verify that the information it contains has not been altered and has been maintained in its entirety, and that the medium used provides stability and the required perennity to the information. 2839 CCQ

21 21 2-2-D writing Examples of laws requiring a writing form –13 (4) Copyright Act –19 Consumer Protection Act (Ontario) –Consumer Protection Act (Quebec) What are writing functions (see UNCITRAL eCommerce Model Law with Guide to Enactment (1996))UNCITRAL eCommerce Model Law with Guide to Enactment

22 22 writing 48. In the preparation of the Model Law, particular attention was paid to the functions traditionally performed by various kinds of writings in a paper-based environment. For example, the following nonexhaustive list indicates reasons why national laws require the use of writings: (1) to ensure that there would be tangible evidence of the existence and nature of the intent of the parties to bind themselves; (2) to help the parties be aware of the consequences of their entering into a contract; (3) to provide that a document would be legible by all; (4) to provide that a document would remain unaltered over time and provide a permanent record of a transaction; (5) to allow for the reproduction of a document so that each party would hold a copy of the same data; (6) to allow for the authentication of data by means of a signature; (7) to provide that a document would be in a form acceptable to public authorities and courts; (8) to finalize the intent of the author of the writing and provide a record of that intent; (9) to allow for the easy storage of data in a tangible form; (10) to facilitate control and sub- sequent audit for accounting, tax or regulatory purposes; and (11) to bring legal rights and obligations into existence in those cases where a writing was required for validity purposes.

23 23 writing UNCITRAL Model Law criteria: article 6UNCITRAL Model Law usable for subsequent reference As in Ontario And in REC (est of Canada) As in United Nations Convention on the Use of Electronic Communications in International Contracts (2005)United Nations Convention on the Use of Electronic Communications in International Contracts –9.2. Where the law requires that a communication or a contract should be in writing, or provides consequences for the absence of a writing, that requirement is met by an electronic communication if the information contained therein is accessible so as to be usable for subsequent reference.

24 24 writing French Law (March 12th, 2000) http://www.legifrance.gouv.fr/citoyen/jorf_nor.ow?numjo=JU SX9900020L Art. 1316-1. - L'écrit sous forme électronique est admis en preuve au même titre que l'écrit sur support papier, sous réserve que puisse être dûment identifiée la personne dont il émane et qu'il soit établi et conservé dans des conditions de nature à en garantir l'intégrité.

25 25 writing Problem with usable for subsequent reference Criteria –EX: arbitration clause (2640 CCQ) –EX: CPA –No way to be aware (criteria number 2) Problem with integrity criteria too Problem with distinct criterias. de critères distincts –Integrity –Usable for subsequent reference –Visible Form (UK) –Record (UETA)

26 26 2-2-E signature 2827 CCQ: A signature is the affixing by a person, to a writing, of his name or the distinctive mark which he regularly uses to signify his intention.. Limitations concerning biometry usage in AELFIT ART. 44AELFIT -No obligation -Finality -Destruction -Transparence to the Information Access Commission (CAI) -Etc

27 27 signature Electronic signature: is it reliable ? Is it legal ?

28 28 signature Difficult to say because definition is not so clear because contract decline every liability 2 1

29 29 signature liability is a legal concept

30 30 signature signature is too …

31 31 signature 1) Identity of signatory 2) Intention to sign

32 32 signature United Nations Convention on the Use of Electronic Communications in International Contracts (2005) 9. 3. Where the law requires that a communication or a contract should be signed by a party, or provides consequences for the absence of a signature, that requirement is met in relation to an electronic communication if: (a) A method is used to identify the party and to indicate that partys intention in respect of the information contained in the electronic communication;

33 33 signature Same in Quebec and Civil Code of Quebec (1994) (2827 CCQ) Ontario et Electronic Commerce Act (2000) British Columbia et Electronic Transaction Act (2001) China –Article 2 All references to an "electronic signature" in this law are to electronic data that are contained in or attached to a data message and are used to identify the signatory and indicate its endorsement of the contents of such data message. But theres an other criteria

34 34 signature United Nations Convention on the Use of Electronic Communications in International Contracts (2005) 9. 3. and (…) (b) The method used is (…) : (i) As reliable as appropriate for the purpose for which the electronic communication was generated or communicated, in the light of all the circumstances, including any relevant agreement;

35 35 signature Ontario and Electronic Commerce Act (…) (a) the electronic signature is reliable for the purpose of identifying the person; and (b) the association of the electronic signature with the relevant electronic document is reliable.

36 36 signature British Columbia and Electronic Transaction Act (…) 21 (d) prescribing records or classes of records for which a requirement under law for the signature of a person must be satisfied by an electronic signature and proof that, in view of all the circumstances including any relevant agreement and the time the electronic signature was made, (i) the electronic signature is reliable for the purpose of identifying the person, and

37 37 signature Uniform Electronic Transaction Act (USA) the use of security procedures is simply one method for proving the source or content of an electronic record or signature. A security procedure may be technologically very sophisticated, such as an asymetric cryptographic system. At the other extreme the security procedure may be as simple as a telephone call to confirm the identity of the sender through another channel of communication. It may include the use of a mother's maiden name or a personal identification number (PIN). Each of these examples is a method for confirming the identity of a person or accuracy of a message.

38 38 signature Reliability ? security procedure ?

39 39 signature contract decline its liability

40 40

41 41 signature information = oxygen

42 42 signature If no liability = no security

43 43 2-2-F original AELFIT (L.R.Q. c. C-1.1) ART. 12AELFIT 12. A technology-based document may fulfil the functions of an original. To that end, the integrity of the document must be ensured and, where the desired function is to establish 1) that the document is the source document from which copies are made, the components of the source document must be retained so that they may subsequently be used as a reference ; 2) that the document is unique, its components or its medium must be structured by a process that makes it possible to verify that the document is unique, in particular through the inclusion of an exclusive or distinctive component or the exclusion of any form of reproduction ; 3) that the document is the first form of a document linked to a person, its components or its medium must be structured by a process that makes it possible to verify that the document is unique, to identify the person with whom the document is linked and to maintain the link throughout the life cycle of the document.

44 44 original a) source document = integrity Signed contract

45 45 original b) Single document = integrity + application Bill of lading

46 46 original c) First form of a document linked to a person = integrity + application Will

47 47 3

48 48 2-3 Managing Technology-based document in a secure manner Transfert Retention Accessibility Transmission

49 49 transfert Definition: to change a technology-based document from one medium to an other. Example: an enterprise numerize sums of papers on a couple of CD. Legal conditions: –1) documentation with WHO – WHAT – HOW; –2) ensure integrity.

50 50 Retention Definition: to store documents so that they can be found later. Examples: –a consumer buys a product online. –For administrative or taxation reasons, an entreprise need to retain large number of documents, something for 3 or 6 or 10 years. Legal Conditions : –1) Désignate an assigned person, within the organization, for security matters or sub-contract to a trird-party service. –2) Ensure that documents kept are: Complete Available throughout the time thay are retained. –3) Ensure that the assigned person who modifies a retained document, and thus knowingly, compromise the integrity of the document, explains in the document itself: WHO WHAT HOW WHEN

51 51 consultation Definition: To make a document presented in intelligible form to the authorized persons. Examples: –PIPEDA / all Privacy protection acts –Securities Act Legal Conditions : –intelligible, legible. –Freedom to choice paper or electronic –Organization of confidential documents access Limiting access Identifying an assigned person; Ensuring it is impossible to do an extensive search; Setting up a secure system; Respecting conditions about confidential document.

52 52 transmission Definition: To send a document from one person to an other. Example: –Email –EDI –SMS Legal Conditions: For a sent document to have the same validity as the received document: –Ensure integrity + documentation –Assume that a technology-based document is sent when the sender has no more control on it. (For example, with a transmission slip) –Assume that a technology-based document is received when it is available to the recipient. (For example, with a acknowledgement of receipt) –Ensure that a technology-based document with confidential information Used an appropriate method Transmission is documented

53 53 4

54 54 2-4 evidence evidence = integrity + identity 2 presumptions 1)Environment 2)Document from entreprise and State

55 55 evidence Is an email admissible?

56 56 Not sure… – Bélanger c. Future Électronique, 2005 QCCRT 0570 Bélanger c. Future Électronique – Citadelle, Cie dassurance générale c. Montréal (Ville), 2005 IIJCan 24709 (QC C.S.)Citadelle, Cie dassurance générale c. Montréal (Ville) – Vandal c. Salvas [2005] IIJCan 40771 QC. C.Q. Vandal c. Salvas AELFIT

57 57 Regulation help – articles 63 and f… 63. A multidisciplinary committee shall be formed to promote the harmonization, both at the national and international levels, of the technical processes, systems, norms and standards established for the purposes of this Act. To that end, the Government shall, after consultation with the Bureau de normalisation du Québec, call upon persons from the business community, the information technology industry and the scientific and technical community, persons from the public, parapublic and municipal sectors and persons belonging to the professional orders, all of whom must have expertise in the field of information technology AELFIT

58 58 conclusion

59 59 principle 1: documentation transmission confidential documents retention transfert improve evidence

60 60 2.5 Legal Management of Digital Signature Image available at pst.libre.lu/mssi-luxmbg/p1/data-enc.gif

61 61 2.5 Legal Management of Digital Signature 3 main legislative attitude –Minimalist UK –Prescriptive Singapore Portugal Hungary Hong Kong Malaysia Italy Germany –Hybrid Quebec France Etc.

62 62 2.5 Legal Management of Digital Signature Substantives elements –Certificate –Documentation Policy CPS (Certification Practice Statement) –Participants Signatory Relying Party Certification authority And others (as auditor / accreditator / etc.) –Liability

63 63 2.5 Legal Management of Digital Signature Procedural elements –Entities Responsible for Controlling the Certification Process Auditor Accreditator Certificator Etc. –Documentation External Assessment Documentation Internal Assessment Documentation

64 64 ex. of complexity

Download ppt "Drt 6455 eCommerce Law lesson 2 – Legal Security Mangement Example of An Act to Establish a Legal Framework for IT associate professor faculty of law university."

Similar presentations

Symantec 2010 Windows 7 Migration Global Results.

Symantec 2010 Windows 7 Migration Global Results.
1 A B C 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52.

1 A B C
Simplifications of Context-Free Grammars

Simplifications of Context-Free Grammars
Variations of the Turing Machine

Variations of the Turing Machine
AP STUDY SESSION 2.

AP STUDY SESSION 2.
1

1
Select from the most commonly used minutes below.

Select from the most commonly used minutes below.
STATISTICS HYPOTHESES TEST (I)

STATISTICS HYPOTHESES TEST (I)
© fedict 2008. All rights reserved Legal aspects Belgian electronic identity card Samoera Jacobs – November 2008.

© fedict All rights reserved Legal aspects Belgian electronic identity card Samoera Jacobs – November 2008.
September 2013 ASTM Officers Training Workshop September 2013 ASTM Officers Training Workshop ASTM Member Website Tools September 2013 ASTM Officers Training.

September 2013 ASTM Officers Training Workshop September 2013 ASTM Officers Training Workshop ASTM Member Website Tools September 2013 ASTM Officers Training.
David Burdett May 11, 2004 Package Binding for WS CDL.

David Burdett May 11, 2004 Package Binding for WS CDL.
NTDB ® Annual Report 2009 © American College of Surgeons 2009. All Rights Reserved Worldwide Percent of Hospitals Submitting Data to NTDB by State and.

NTDB ® Annual Report 2009 © American College of Surgeons All Rights Reserved Worldwide Percent of Hospitals Submitting Data to NTDB by State and.
LAW 11 Offside.

LAW 11 Offside.
Prepared by: Workforce Enterprise Services For: The Illinois Department of Commerce and Economic Opportunity Bureau of Workforce Development ENTRY OF EMPLOYER.

Prepared by: Workforce Enterprise Services For: The Illinois Department of Commerce and Economic Opportunity Bureau of Workforce Development ENTRY OF EMPLOYER.
Create an Application Title 1Y - Youth Chapter 5.

Create an Application Title 1Y - Youth Chapter 5.
CALENDAR.

CALENDAR.
1 Pretty Good Privacy (PGP) Security for Electronic Email.

1 Pretty Good Privacy (PGP) Security for Electronic .
The 5S numbers game..

The 5S numbers game..
© Tally Solutions Pvt. Ltd. All Rights Reserved Shoper 9 License Management December 09.

© Tally Solutions Pvt. Ltd. All Rights Reserved Shoper 9 License Management December 09.
Media-Monitoring Final Report April - May 2010 News.

Media-Monitoring Final Report April - May 2010 News.

Similar presentations

Ads by Google