Monthly Archives: August 2010

ECA 2000 Parts 1 to 6

Section 1: Register of approved providers

This section places a duty on the Secretary of State to establish and maintain a register of approved providers of cryptography support services, and specifies what information is to be contained in the register. The section also requires the Secretary of State to make arrangements for the public to have access to the register and for any changes to the information in the register to be publicized.

Cryptography support services are defined in section 6.

The main purpose of the register is to ensure that providers on the register have been independently assessed against particular standards of quality, in order to encourage the use of their services, and hence the development of electronic commerce and electronic communication with Government.

Where two people are communicating electronically, it may be necessary for one person to rely on the services provided to the other: for example, where the first person receives a communication which purports to have been signed electronically by the other.

The definition of electronic signature is given in section 7(2).

The register is voluntary: no provider is obliged to apply for approval and a provider who is not on the register is at liberty to provide cryptography services.

Summary

This section is very straightforward: it informs us that a registration has to be provided to the extent that all persons or person who will provide assistance to the development of the cryptography support services area and associated

Section 2: Arrangements for the grant of approvals

This section places a duty on the Secretary of State to ensure that there are arrangements in force for granting approval, handling complaints and disputes and modifying or withdrawing approval.

Places a duty on the Secretary of State to ensure that there are arrangements for granting approvals for any person providing or proposing to provide, cryptography support services in the United Kingdom.

The provision of cryptography support services in the United Kingdom is described in subsection.

Says what the Secretary of State must be satisfied about in order to grant an approval. The Secretary of State is given the power to set requirements (e.g. relating to the technology provided, to the person himself and his background and experience, and the way he provides the technology to the public) by regulation, and also to impose conditions on the approval.

The Secretary of State must also be satisfied that the person is fit and proper to be approved. Relevant factors include any known contraventions of provisions of this legislation, and convictions for offences involving fraud or dishonesty, or engaging in discriminatory practices, or engaging in deceitful, oppressive, unfair or improper business practices.

Requirement for compliance with these requirements by reference to the opinion of a person specified, either in the regulations or chosen in a manner set out in the regulations.

The arrangements for approvals, outlined above, envisage providers requesting approval for one or a number of different cryptography support services. The granting of such an approval would depend on the applicant meeting the conditions specified in the relevant regulations.

Summary

In general this section, in line with section 1, confirms that a person or persons will be able to provide the necessary information, that those persons will be fit for purpose, and that all transactions will be performed in the correct business manner.

Section 3: Delegation of approval functions

This section enables the Secretary of State to delegate the approvals functions set out in sections 1 and 2 to any person. Subsection (4) provides that where the functions are delegated to a statutory body or office holder, the statutes relating to their original functions shall be regarded as including the new functions so delegated. Subsection (5) enables the Secretary of State to modify enactments by order, and subsection (6) provides that the order required to do this will be subject to affirmative resolution procedure in both Houses of Parliament.

Summary

This section is very straightforward: it informs us that the Secretary of State has the ability to delegate the items mentioned in sections 1 and 2.

Section 4: Restrictions on disclosure of information

This section protects certain information obtained under Part I, sets out the purposes for which it may be disclosed (e.g. in order to carry out the approvals functions, for a criminal investigation or for those civil proceedings specified in subsection (2)(e)) and makes improper disclosure a criminal offence. It safeguards individual privacy and commercially confidential information, except where disclosure is justifiable.

There is no restriction on who may make the disclosure or to whom it may be made, provided that the purpose is proper.

Summary

This section has informed us that disclosure of information will be restricted, subject to certain conditions.

Section 5: Regulations under Part I

This section makes further provision relating to the regulations the Secretary of State may make under Part I and contains standard provisions commonly accorded to powers to make subordinate legislation, such as an ability to make supplementary provision.

The regulations will be subject to affirmative resolution procedure in both Houses of Parliament the first time the Secretary of State exercises his powers to make regulations under this Part. They will subsequently be subject to negative resolution procedure in both Houses of Parliament.

  • prescribed is defined in this Part as meaning prescribed by regulations made by the Secretary of State, or determined in such a manner as may be provided for in any such regulations.

Summary

This section indicates that the Secretary of State can make subordinate legislation, including supplementary provision to Part I if required.

Section 6: Provision of cryptography support services

The cryptography support services that may be approved under the arrangements described above are defined to include those relating to:

  • confidentiality, i.e. securing that such electronic communications or data can be accessed, or can be put into an intelligible form (defined in section 15(3)), only by certain persons;
  • securing that the authenticity or integrity (both defined in section 15(2)) of electronic communications or data is capable of being ascertained, i.e. relating to an electronic signature.

Subsection (2) makes it clear that the approval scheme for cryptography support services includes only those services that primarily involve a continuing relationship between the supplier of the service and the customer. The scheme does not cover the supply of an item (whether software or hardware) unless such a supply is integral to the provision of the service itself.

Cryptography support services, falling within the scope of this section, would include registration and certification in relation to certificates, time-stamping of certificates or documents, key generation and management, key-storage and providing directories of certificates.

Summary

This section provides for the interpretation of various terms used in Part I of the Act.


Cryptography

When it becomes necessary to transmit information from one point to another, it’s important to protect the information while it’s in transit.

Cryptography presents various methods for taking legible, readable data, and transforming it into unreadable data for the purpose of secure transmission, and then using a key to transform it back into readable data when it reaches its destination.

The Secure Sockets Layer (SSL) is a common encryption protocol used in e-commerce. When you make a purchase over the Internet, this is the technology the merchant uses to make sure you can safely transmit your credit card information. Using this protocol, your computer and the online merchant’s computer agree to create a type of private “tunnel” through the public Internet. This process is called the “handshake.” When you see a URL in your Web browser that starts with “https” instead of “http”, it is a secure connection that is using SSL.

Some methods of cryptography use a “secret key” to allow the recipient to decrypt the message. The most common secret key cryptosystem is the Data Encryption Standard (DES), or the more secure Triple-DES, which encrypts the data three times.

More common are systems that use a public key cryptography system, such as the Diffie-Hellman key agreement protocol. This system uses two keys that work together; a public one, which anyone can access, and a private one, which is kept secret by the party receiving the data.

When you want to send a secure message to someone, you encrypt that message using the recipient’s public key. But once encrypted, the recipient must use his or her private key to decrypt it.

The goal of cryptography extends beyond merely making data unreadable; it also extends into user authentication, that is, providing the recipient with assurance that the encrypted message originated from a trusted source.

Hash functions are sometimes used in conjunction with private key or public key cryptography. This is a type of one-way encryption, which applies an algorithm to a message, such that the message itself cannot be recovered. Unlike key-based cryptography, the goal of the hash function is not to encrypt data for later decryption, but to create a sort of digital fingerprint of a message.

The value derived from applying the hash function can be re-calculated at the receiving end, to ensure that the message has not been tampered with during transit. Then, key-based cryptography is applied to decipher the message.

Summary

The introduction covers one of the main parts; these are self-explanatory notes that explain what cryptography is all about. In real terms the theory is very simple to use but in practice very difficult to carry out and perform.

There is some progress and a basic “implementation” is being used today, but total cryptography is a long way from completion.


Electronic Communications Act 2000 Introduction

 

 

Background

The Government’s policy is to facilitate electronic commerce. It has also set itself targets for making Government services available electronically: all schools and libraries to be connected to the internet by 2002, with 100% of all government services to be deliverable online by 2005.

The Government has also set a target for 90% of its routine procurement of goods to be done electronically by 2001.

Cryptography and electronic signatures are important for electronic transactions.

Cryptography is the science of codes and ciphers. This has long been applied by banks and government and is an essential tool for electronic commerce. It can also form the basis of an electronic signature.

Encryption is the process of turning normal text into a series of letters and/or numbers which can only be deciphered by someone who has the correct password or key. Encryption is used to prevent others reading confidential, private or commercial data (for example an e-mail sent over the internet or a file stored on floppy disk).

An electronic signature is something associated with an electronic document that performs similar functions to a manual signature. It can be used to give the recipient confirmation that the communication comes from whom it purports to come from (“authenticity”). Another important use of electronic signatures is establishing that the communication has not been tampered with (“integrity”).

Public key cryptography is a form of cryptography that uses two distinct, but related, keys (known as a key pair): one key for “locking” a document, and a separate key for “unlocking” it. These keys are both large numbers with special mathematical properties.

Public key cryptography can be used to provide an electronic signature: the private key (which is only known to its owner) is used as the “lock” to transform the data, by scrambling the information contained in it.

The transformed data is the electronic signature, which can be verified by “unlocking” it with the public key of the person who signed it. Anyone with access to the public key can check the signature, so verifying that it was signed by someone with access to the private key and also verifying that the content of the document had not been changed.

Public key cryptography can also be used to keep a communication secret: in this case the keys are used the other way round. The person sending the message would use the public key of the intended recipient to “lock” the message. Now only the corresponding private key can be used to “unlock” the message. This is what the intended recipient would use to read it. A third party would not be able to read the message without access to the intended recipient’s private key.

Various organizations provide cryptography services, which include certifying the public key of an individual, managing encryption keys and time stamping electronic signatures. There is a need for the public to be able to have confidence that these services are secure and not open to fraud; and for people to be free from unnecessary restrictions in their use of new technology.

The main purpose of the Act is to help build confidence in electronic commerce and the technology underlying it by providing for:

  • an approvals scheme for businesses and other organizations providing cryptography services, such as electronic signature services and confidentiality services;
  • the legal recognition of electronic signatures and the process under which they are verified, generated or communicated;
  • the removal of obstacles in other legislation to the use of electronic communication and storage in place of paper.

The Act also contains provisions to update procedures for modifying telecommunications licenses.

Summary

The above is a basic summary of what the Act is about and its main purpose.


Civil Evidence Act 1995 Overview

1995 CHAPTER 38

To have a good understanding of Document Management Systems it can be good practice to have a basic understanding of where the law mentions document requirements, to what degree documents have to be controlled under certain conditions, and in what areas documents may be required.

I have no training in law as I am educated within an engineering background but this basic understanding does help to understand to which areas this may be used or even mentioned and it certainly does help you if you want to understand this concept in more detail.

What is the Civil Evidence Act 1995

This is an Act to provide for the admissibility of hearsay evidence, the proof of certain documentary evidence and the admissibility and proof of official actuarial tables in civil proceedings; and for connected purposes.

The Civil Evidence Act 1995 has introduced a system whereby all documents and copy documents, including computer records, can be admitted as evidence in civil proceedings.

The Act requires particular attention to be paid to the setting up of authorization procedures and the ability to demonstrate to the courts that these procedures are being followed. It may need to be shown by evidence in court that a particular computer was being used regularly, was supplied regularly with information of the sort from which the document in question was derived and was operating properly.

The information below indicates the areas in which documents are mentioned within the Act. This is a guideline only, and it does help to understand the Act in more detail.

8 Proof of statements contained in documents

(1) Where a statement contained in a document is admissible as evidence in civil proceedings, it may be proved—

(a) by the production of that document, or

(b) whether or not that document is still in existence, by the production of a copy of that document or of the material part of it,

authenticated in such manner as the court may approve.

(2) It is immaterial for this purpose how many removes there are between a copy and the original.

9 Proof of records of business or public authority

(1) A document which is shown to form part of the records of a business or public authority may be received in evidence in civil proceedings without further proof.

(2) A document shall be taken to form part of the records of a business or public authority if there is produced to the court a certificate to that effect signed by an officer of the business or authority to which the records belong.

For this purpose—

(a) a document purporting to be a certificate signed by an officer of a business or public authority shall be deemed to have been duly given by such an officer and signed by him; and

(b) a certificate shall be treated as signed by a person if it purports to bear a facsimile of his signature.

(3) The absence of an entry in the records of a business or public authority may be proved in civil proceedings by affidavit of an officer of the business or authority to which the records belong.

(4) In this section—

  • “records” means records in whatever form;
  • “business” includes any activity regularly carried on over a period of time, whether for profit or not, by any body (whether corporate or not) or by an individual;
  • “officer” includes any person occupying a responsible position in relation to the relevant activities of the business or public authority or in relation to its records; and
  • “public authority” includes any public or statutory undertaking, any government department and any person holding office under Her Majesty.

(5) The court may, having regard to the circumstances of the case, direct that all or any of the above provisions of this section do not apply in relation to a particular document or record, or description of documents or records.

10 Admissibility and proof of Ogden Tables

(1) The actuarial tables (together with explanatory notes) for use in personal injury and fatal accident cases issued from time to time by the Government Actuary’s Department are admissible in evidence for the purpose of assessing, in an action for personal injury, the sum to be awarded as general damages for future pecuniary loss.

(2) They may be proved by the production of a copy published by Her Majesty’s Stationery Office.

(3) For the purposes of this section—

(a) “personal injury” includes any disease and any impairment of a person’s physical or mental condition; and

(b) “action for personal injury” includes an action brought by virtue of the [1934 c. 41.] Law Reform (Miscellaneous Provisions) Act 1934 or the [1976 c. 30.] Fatal Accidents Act 1976.

Savings

(1) Nothing in this Act affects the exclusion of evidence on grounds other than that it is hearsay.

This applies whether the evidence falls to be excluded in pursuance of any enactment or rule of law, for failure to comply with rules of court or an order of the court, or otherwise.

(2) Nothing in this Act affects the proof of documents by means other than those specified in section 8 or 9.

(3) Nothing in this Act affects the operation of the following enactments—

(a) section 2 of the [1868 c. 37.] Documentary Evidence Act 1868 (mode of proving certain official documents);

(b) section 2 of the [1882 c. 9.] Documentary Evidence Act 1882 (documents printed under the superintendence of Stationery Office);

(c) section 1 of the [1907 c. 16.] Evidence (Colonial Statutes) Act 1907 (proof of statutes of certain legislatures);

(d) section 1 of the [1933 c. 4.] Evidence (Foreign, Dominion and Colonial Documents) Act 1933 (proof and effect of registers and official certificates of certain countries);

(e) section 5 of the [1963 c. 27.] Oaths and Evidence (Overseas Authorities and Countries) Act 1963 (provision in respect of public registers of other countries).

 Gaming Act 1968 (c. 65)

4 In section 43 of the Gaming Act 1968 (powers of inspectors and related provisions), for subsection (11) substitute—

“(11) In this section—

“document” means anything in which information of any description is recorded, and

“copy”, in relation to a document, means anything onto which information recorded in the document has been copied, by whatever means and whether directly or indirectly.”.

The above statement also appears in the following Acts:

  • Vehicle and Driving Licences Act 1969 (c. 27)
  • Taxes Management Act 1970 (c. 9)
  • Civil Evidence Act 1972 (c. 30)
  • International Carriage of Perishable Foodstuffs Act 1976 (c. 58)
  • Criminal Justice Act 1988 (c. 33)
  • Road Traffic Offenders Act 1988 (c. 53)
  • Vehicle Excise and Registration Act 1994 (c. 22)

The above information may give you a good idea of the areas where documents are mentioned within this Act, and it also provides interesting reading. This article is for reference only, and if you require any further information or any particular information relating to this Act I would recommend that you contact your lawyer.

To see the act represented in full click on the following link

 http://www.isurv.com/site/scripts/download_info.aspx?categoryID=406&downloadID=746

 


B.P.M and the Paperless System


Business Process Management is a management approach focused on aligning all aspects of an organization with the requirements and needs of the client. It is a holistic management approach that promotes business effectiveness and efficiency while striving for innovation, flexibility, and integration with technology.

The main part of Business Process Management is the business process, which can be described as a “collection of related structured activities that produce a service or product that meet the needs of a client”.

The system approach is very similar to the management work flow system and is a large key to the design of a paperless office system, designed to meet the requirements of the customer and the paperless office system. The main area where this system has helped the paperless office system is in how companies have been able to use the technology to assist the client to achieve a more approachable system.

This is very similar to a work flow management system, but it has the client’s requirements in mind rather than being an internal step-management flow system.

The system acts in two ways: it assists the management process to achieve internal efficiency, but it also achieves a direct connection to a client when information has to be sent direct. This does not only affect invoicing but all kinds of transferable information.

Reading various reports from companies introducing Paperless Office software, management work flow systems and especially Business Process Management, they have generally seen an increase in the transaction rate of receiving documentation. Using Business Process Management has helped to increase efficiency by approximately 15%. Although this information is believable, it has to be weighed against the fact that it comes from the companies' own advertising and statistical information.

Both the management and business systems are a step in the right direction, concentrating on the actual process of paper. This has to be addressed in general terms, covering all aspects of the Paperless Office System.

Although this does leave a big gap in the secondary paper issues and to a certain degree is more of a process meets technology in the event that it might change and remove the paper from the office.

A main aspect of the management system is process, but including within the process there are various factors. One of the factors is the filing requirements and associated filing requirements.


This is not a Paperless Office!

The Paperless Office has developed over the years. As the concept has grown there has been a vast number of software systems indicating that they can make your office totally paperless. This has been, and still is, a misleading statement.

What has developed over the years is a collection of management flow systems (Ould, 2007) and business process management systems (Smith, 2007) stating that they are Paperless Office software systems.

This software is really a combination of systems that can be installed on your mainframe, and each individual computer will have the software, which will manage all the necessary files in a systematic database that can be organized on each personalized computer system.

What can be described as a work flow system?

Workflow consists of a sequence of connected steps. It is a depiction of a sequence of operations, declared as the work of a person. The flow being described often refers to a document that is being transferred from one step to another.

Work flow activities are enabled by a systematic organization of resources, defined roles and information flows, into a work process. The term workflow, as used in computer programming, can also relate to capturing and developing human-to-machine interaction.

The above paragraph describes what a work flow system is. The installation of a software package stating that it is a paperless office can be misleading. If you have an organization which has all the normal installations (e-mail, PDF documentation and possibly scanning systems), this installation will be designed as a basic work flow system.

The companies will advertise that this can increase your efficiency and also reduce the paper in the work flow. How this works is that if you normally take five steps to carry out a task such as sending an e-mail, a work flow system will manage the steps and reduce the process.

The results are obvious: going from five steps to two steps supports the claim of achieving a paperless office, in that reducing the number of steps needed to perform a duty will result in a better and more efficient system.

This is one of the areas where companies can advertise that they are designing a system that offers to increase the efficiency of a paperless office system. But as the report has indicated, the area of secondary paper is still a problem.

The other area where companies are offering a similar service, still within Management Work Flow Systems, is Business Process Management.

Management work flows are a good thing, but presenting them as the answer to achieving the paperless office is not correct. We must address the problems of SPA and the cultural and social areas, and overcome this misleading statement, if we want the Paperless System to grow.


Origins of Secondary Paper Activities

The concept of the paperless office started around 1975 and has certainly taken its time to progress into a more active and usable system which, given the advances in technology, should be in every office and certainly a lot more advanced than it is at the moment.

When I started to research this concept one of the main areas that started to stand out was the non-acceptance of the concept in general. One of the books I was reading was the well-known book Myths of the Paperless Office, by Abigail Sellen and Richard H.R. Harper; although the book was entitled Myths of the Paperless Office, it had a slight undertone towards the investigation of new insights about how humans handle and process information.

Part of their research progressed to a conclusion that both the authors realized that paper and digital technology each has certain central “affordances” the other lacks. That is, one “afforded” capabilities, functions, and conveniences that the other could not.

To break this down into more understandable terms, you could state in general terms that one action must have a reaction that meets the first action.

Or

If a square peg is traveling towards a round hole, at the point of when it starts the square peg already knows that it will not fit into the round hole. The so-called “affordances” area is what the other lacks.

Another way of looking at this is slightly different. If the square peg is a motor car and the round hole is a motor bike, this is what you would call a total opposite reaction, because the motor car will not push or drive out the motor bike. Another example of this would be that the typewriter has not pushed or driven out the pen.

So how did I come to the conclusion of SPA? I had to look at what was in the “affordances” (the middle bit that keeps moving from the peg to the hole) and totally forget about the square peg and also the round hole.

One of the research sites was the London Air Traffic Control Center, where there were so many pieces of paper floating around the air traffic control tower that in theory it would have been difficult to take this form of communication and transfer it through an electrical device or a connected networked system; not to the extent that software applications could not be written, but the social and human interaction would be difficult to copy, and the human intervention would cause the affordance to ripple even more.

After examining various other areas most of which blamed and looked at technology stating that it was not quite designed for the paperless office, this of which I totally disagree, with their theory, technology will never be ready and never be acceptable for the Paperless Office.

Having a closer look at the bit in the middle, the “affordances” area, and trying to understand what the problem areas are, one certainly came to my mind: the section with regards to the air traffic control room. Not because it's mentioned in the book, but for various reasons, there will always be some request for paper in the respect that it will be required as a communication tool. SPA is certainly an area that will be questioned with regards to how small notes can be transferred into any electrical device and also connected into a network system, not as an answer to the paperless system but as an area where, if this could be answered, the overall design could be a lot easier to understand.

From my surveys with Bradford University it was noted that SPA can be calculated up to 34% of activities within a typical office environment, so the remaining % has already started to fit into a system that has started to be accepted.

So a truer understanding of the middle area will be better understood and in time the investigation of the peg and the round hole will be looked at in more detail.