• No results found

PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT CANADA EVIDENCE ACT

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT CANADA EVIDENCE ACT"

Copied!
5
0
0

Loading.... (view fulltext now)

Download now ( 5 Page )

Full text

(1)

PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT CANADA EVIDENCE ACT

Secure Electronic Signature Regulations P.C. 2005-57 February 1, 2005

Whereas the Governor in Council is satisfied that the technology or process prescribed in the annexed Secure Electronic Signature Regulations can be proved to meet the requirements set out in paragraphs 48(2)(a) to (d) of the Personal Information Protection and Electronic Documents Act (see footnote a);

Therefore, Her Excellency the Governor General in Council, on the

recommendation of the Treasury Board, pursuant to subsection 48(1) of the Personal Information Protection and Electronic Documents Act(see footnote b) and paragraph 31.4(a)(see footnote c) of the Canada Evidence Act, hereby makes the annexed Secure Electronic Signature Regulations.

SECURE ELECTRONIC SIGNATURE REGULATIONS INTERPRETATION

1. The following definitions apply in these Regulations.

"Act" means the Personal Information Protection and Electronic Documents Act. (Loi)

"asymmetric cryptography" means a cryptographic system that relies on key pairs. (système de chiffrement à clé publique)

"certification authority" means a person or entity that issues digital signature certificates and that has been listed as such on the website of the Treasury Board Secretariat. (autorité de certification)

"digital signature certificate", in respect of a person, means an electronic document that

(a) identifies the certification authority that issued it and is digitally signed by that certification authority;

(b) identifies, or can be used to identify, the person; and

(c) contains the person's public key. (certificat de signature numérique) "entity" includes any federal department, branch, office, board, agency, commission, corporation or body for the administration of the affairs of which a minister of the Crown is accountable to Parliament. (entité)

(2)

"hash function" means an electronic one-way mathematical process that converts data contained in an electronic document into a message digest that is unique to that data in a way that, were that data changed, it would, on conversion, result in a changed message digest. (fonction de hachage) "key pair" means a pair of keys held by or for a person that includes a private key and a public key that are mathematically related to, but different from, each other. (biclé)

"private key" means a string of data that

(a) is used in asymmetric cryptography to encrypt data contained in an electronic document; and

(b) is unique to the person who is identified in, or can be identified through, a digital signature certificate and corresponds only to the public key in that certificate. (clé privée)

"public key" means a string of data contained in a digital signature certificate that

(a) is used in asymmetric cryptography to decrypt data contained in an

electronic document that was encrypted through the application of the private key in the key pair; and

(b) corresponds only to the private key in the key pair. (clé publique) TECHNOLOGY OR PROCESS

2. For the purposes of the definition "secure electronic signature" in

subsection 31(1) of the Act, a secure electronic signature in respect of data contained in an electronic document is a digital signature that results from completion of the following consecutive operations:

(a) application of the hash function to the data to generate a message digest; (b) application of a private key to encrypt the message digest;

(c) incorporation in, attachment to, or association with the electronic document of the encrypted message digest;

(d) transmission of the electronic document and encrypted message digest together with either

(i) a digital signature certificate, or

(3)

(e) after receipt of the electronic document, the encrypted message digest and the digital signature certificate or the means of access to the digital signature certificate,

(i) application of the public key contained in the digital signature certificate to decrypt the encrypted message digest and produce the message digest referred to in paragraph (a),

(ii) application of the hash function to the data contained in the electronic document to generate a new message digest,

(iii) verification that, on comparison, the message digests referred to in paragraph (a) and subparagraph (ii) are identical, and

(iv) verification that the digital signature certificate is valid in accordance with section 3.

3. (1) A digital signature certificate is valid if, at the time when the data contained in an electronic document is digitally signed in accordance with section 2, the certificate

(a) is readable or perceivable by any person or entity who is entitled to have access to the digital signature certificate; and

(b) has not expired or been revoked.

(2) In addition to the requirements for validity set out in subsection (1), when the digital signature certificate is supported by other digital signature

certificates, in order for the digital signature certificate to be valid, the

supporting certificates must also be valid in accordance with that subsection. 4. (1) Before recognizing a person or entity as a certification authority, the President of the Treasury Board must verify that the person or entity has the capacity to issue digital signature certificates in a secure and reliable manner within the context of these Regulations and paragraphs 48(2)(a) to (d) of the Act.

(2) Every person or entity that is recognized as a certification authority by the President of the Treasury Board shall be listed on the website of the Treasury Board Secretariat.

PRESUMPTION

5. When the technology or process set out in section 2 is used in respect of data contained in an electronic document, that data is presumed, in the absence of evidence to the contrary, to have been signed by the person who is identified in, or can be identified through, the digital signature certificate.

(4)

6. These Regulations come into force on the day on which they are registered.

REGULATORY IMPACT ANALYSIS STATEMENT

(This statement is not part of the Regulations.) Description

The Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, (PIPEDA), in Part 2, provides a framework by which federal statutes and regulations may be adjusted to accommodate electronic alternatives to paper-based means of communication. For some types of electronic documents, such as sworn statements (section 44); statements declaring truth (section 45); witnessed documents (section 46); originals (section 42); sealed documents (section 39); Part 2 requires a secure electronic signature.

Subsection 31(1) defines secure electronic signature as an electronic signature that results from the application of a technology or process

prescribed by regulations made under subsection 48(1). Subsection 48(1) of PIPEDA describes the characteristics of secure electronic signatures and grants authority to the Governor in Council, upon the recommendation of the Treasury Board, to make regulations prescribing the technologies or

processes for the purpose of the definition. Regulations are required in order to complete the definition of secure electronic signature.

Digital signature technology is the only known technology today that can provide the requisite characteristics of a secure electronic signature. Even then, a secure electronic signature is trustworthy only if the digital signature certificate is issued by a reliable Certification Authority. Currently, there are no recognized standards for accrediting those Certification Authorities which are reliable. Accordingly, the Regulations provide that only those digital signature certificates are deemed to be sufficiently trustworthy that are issued by

Certification Authorities which:

(i) the President of the Treasury Board has verified as having the capacity to issue certificates in a secure and reliable manner, and as fulfilling the four characteristics set out in subsection 48(2); and

(ii) the President of the Treasury Board has listed on the website of the Treasury Board Secretariat.

Paragraph 31.4(a) of the Canada Evidence Act grants authority to the Governor in Council to make regulations establishing evidentiary

presumptions respecting the association of secure electronic signature with a person. When an electronic document is signed using a digital signature, where the digital signature certificate has been issued by a Certification Authority listed on the Treasury Board Secretariat website, then the

(5)

Regulations establish a rebuttable presumption that the electronic document is attributable to the person who is identified in, or can be identified through, the digital signature certificate. This presumption may be rebutted by evidence that the digital signature was not that of the person so identified, or was not applied to the electronic document by that person.

Alternatives

There is no alternative to the use of the regulatory route. Benefits and Costs

These Regulations apply to the operations of the Government of Canada and do not impose any obligations or costs on other parties.

Consultation

Preliminary drafts of the Regulations were the subject of discussion by a number of subject-matter experts within and outside of the Government of Canada.

These Regulations were pre-published in the Canada Gazette, Part I, on May 8, 2004. Two comments were received.

Canada Post recommended the addition of an electronic postmark to support a chain of evidence for electronic transactions. This recommendation was rejected as it is beyond the scope of the Regulations. The Regulations are limited to describing the technology and processes that create electronic signatures that meet the characteristics of a secure electronic signature as specified in the Personal Information Protection and Electronic Documents Act.

A private sector company recommended that an electronic signature created using a technology different from that specified in the Regulations, be

accepted as a secure electronic signature. Though submitted weeks after the consultation period had closed the recommendation was nonetheless given due consideration. The company was encouraged to pursue evaluation of their product with the Communications Security Establishment to ensure that it meets the four characteristics of a secure electronic signature as specified in the Regulations.

Compliance and Enforcement

Compliance is not an issue as the use of Part 2 of PIPEDA is at the option of responsible federal authorities. Those authorities would not likely utilize Part 2 until they are ready and able to do so. Written arrangements with listed

References

Download now ( PDF - 5 Page - 24.11 KB )

Related documents

High dose Chemotherapy and peripheral blood stem cell transplant in. Lymphomas

Patients who achieved less than CR or had primary resistant / progressive disease but proved to be chemosensitive (partial response) on first line salvage chemotherapy,

ent mcq a.pfd

18- in 40 years female patient with left hearing loss, rinne test is negative on the left side and tympanogram is type As, your diagnosis is.. a- Lefr secretory

Road Construction. Production Study. AccuGrade GPS & ATS Systems. MALAGA Demonstration & Learning Center

Analysis demonstrated that productivity and unit cost improvements result from a reduction in surveying support, increase in operational efficiency for earthmoving,

Construction Order Management

Stavbyvedúci- zabezpečuje uskutočňovanie stavby a riadne vykonávanie prác podľa projektovej dokumentácie stavby a podľa podmienok stavebného povolenia a organizuje, riadi

Efficiency Scrutiny Committee 19 January 2016 Tourism Business Support Service

2.1 This report sets out an overview of the importance of the tourism industry within a local to national context and provides details of the support provided to this employment

Assessing Significance of Commission for Human Rights and Good Governance Mandatory Roles in Promoting Peaceful Management of Conflict in Public Secondary Schools: Case of Lindi district

The international efforts to ensure peaceful co-existence at secondary schools are supplemented by regional efforts like adoption of the African Constitutive Act (Heyns and

A NOVEL APPROACH TO MINE FREQUENT PATTERNS FROM LARGE VOLUME OF DATASET USING MDL REDUCTION ALGORITHM

In our approach, MDL based algorithm is used for reducing the number of frequent item sets to be used for association rule mining is presented.. MDL based approach

2005 Summer Heavy Up Campaign

• Continue to use TV as our core branding media • Use print to support campaign and