Changes

no edit summary
Line 78: Line 78:     
== Level of Assurance (LoA) 3: ==
 
== Level of Assurance (LoA) 3: ==
LoA 3 is appropriate when a high degree of confidence is required. It should be noted that LoA 4 is outside of the scope of this blog entry<sup>1</sup>.
+
LoA 3 is appropriate when a high degree of confidence is required. It should be noted that LoA 4 is outside of the scope of this blog entry<ref><small>We expect the need for level 4 e-signatures to be rare (e.g. very high-value transactions) and the reader should consult the e-signature guidance document for additional information.</small></ref>.
    
Two major technical options are available at LoA 3.
 
Two major technical options are available at LoA 3.
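Review bot: the new `<ref>` on the LoA 3 paragraph wraps its text in `<small>`, which hard-codes a size that the generated reference list would normally control; drop the wrapper and keep only the footnote text inside `<ref>…</ref>`. The footnote also points the reader to "the e-signature guidance document" without a link, so a reader who actually needs LoA 4 has nothing to follow; adding a wiki link or URL inside the ref would fix that.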
Line 105: Line 105:  
A short caution about using a digitized version (scan) of your wet signature from paper. Although PDF readers and editors often allow the user to insert a scan of her wet signature from paper, we do not consider this a good practice. Although it can give a signed electronic document a look that users are familiar with, we would argue that there is no real assurance or security achieved by inserting such a scan beyond what is achieved by typing a name as signature (e.g. /s/ Michael Brownlie). In addition, there is a risk in distributing an authentic copy of one’s wet signature around cyber space that a malicious actor could grab a copy and use it in concert with technology such as colour photocopiers to create facsimiles of one’s wet signature in the paper world (e.g. on formal contracts or other documents rendered on paper). In short, there is little gain in assurance while at the same time there is a potential risk introduced unnecessarily into the world of physical signatures.
 
A short caution about using a digitized version (scan) of your wet signature from paper. Although PDF readers and editors often allow the user to insert a scan of her wet signature from paper, we do not consider this a good practice. Although it can give a signed electronic document a look that users are familiar with, we would argue that there is no real assurance or security achieved by inserting such a scan beyond what is achieved by typing a name as signature (e.g. /s/ Michael Brownlie). In addition, there is a risk in distributing an authentic copy of one’s wet signature around cyber space that a malicious actor could grab a copy and use it in concert with technology such as colour photocopiers to create facsimiles of one’s wet signature in the paper world (e.g. on formal contracts or other documents rendered on paper). In short, there is little gain in assurance while at the same time there is a potential risk introduced unnecessarily into the world of physical signatures.
   −
== Beyond the Actual Signature<sup><small>2</small></sup> ==
+
== Beyond the Actual Signature<ref><small>As a reminder, security always needs to be taken into consideration, especially when dealing with parties external to the Government of Canada who may not have secure means of communication or storage. As mentioned in the e-signature guidance, confidentiality is not addressed by electronic signatures. If using an unsecure means of communication such as email, MS Word or PDF documents with the public, departments should be mindful of relevant, applicable policies. In particular, Appendix B of the Directive on Security Management states that encryption and network safeguards must be used to protect the confidentiality of sensitive data transmitted across public networks, wireless networks or any other network where the data may be at risk of unauthorized access. (B.2.3.6.3).  Although sensitive information is not defined in the Directive, the Policy on Government Security defines “sensitive information” as “information or asset that if compromised would reasonably be expected to cause an injury. This includes all information that falls within the exemption or exclusion criteria under the Access to Information Act and the Privacy Act. This also includes controlled goods as well as other information and assets that have regulatory or statutory prohibitions and controls.”  As such communication using public email, may not be appropriate in many given circumstances due to security risks.</small></ref> ==
 
A further consideration in moving from physical signatures to electronic signatures is the assurance level of the physical signature that is being replaced. In talking with practitioners who are implementing e-signatures, we often hear about weaknesses in the existing physical signature process while the proposed replacement with an e-signature is being scrutinized rigorously to achieve a high level of assurance. As an example, many processes involving physical signatures on forms do not implement a check of that signature against a pre-established signature card (or perform any other validation of the signature). We would suggest that such a physical signature process is at best a level of assurance 1. Now with those processes there may be other compensating controls in place that must be considered when moving to an e-signature, but the robustness of the signature itself is probably not high. These additional controls are important. An example might be a PDF form that is sent to a user for printing, ink signing, scanning, and emailing back (a partially digital process that still requires a physical signature). The fact that the user was able to receive the email on a known email address may be considered an additional control on the process and this could be replicated into the replacement electronic signature process.
 
A further consideration in moving from physical signatures to electronic signatures is the assurance level of the physical signature that is being replaced. In talking with practitioners who are implementing e-signatures, we often hear about weaknesses in the existing physical signature process while the proposed replacement with an e-signature is being scrutinized rigorously to achieve a high level of assurance. As an example, many processes involving physical signatures on forms do not implement a check of that signature against a pre-established signature card (or perform any other validation of the signature). We would suggest that such a physical signature process is at best a level of assurance 1. Now with those processes there may be other compensating controls in place that must be considered when moving to an e-signature, but the robustness of the signature itself is probably not high. These additional controls are important. An example might be a PDF form that is sent to a user for printing, ink signing, scanning, and emailing back (a partially digital process that still requires a physical signature). The fact that the user was able to receive the email on a known email address may be considered an additional control on the process and this could be replicated into the replacement electronic signature process.
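Review bot: the `<ref>` is placed inside the `== Beyond the Actual Signature ==` heading itself, so a multi-sentence footnote becomes part of the heading markup, which can affect the section anchor and the table-of-contents entry. Keep the heading as plain text and attach the ref to the end of the first sentence of the section instead. The footnote also holds the caveat that confidentiality is not addressed by electronic signatures and that the Directive on Security Management (B.2.3.6.3) requires encryption for sensitive data on public networks; consider stating that in the body of the section rather than only in a footnote.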
   Line 112: Line 112:  
The purpose of this blog has been to present some possible technical approaches for e-signatures that are already available for use. We are interested in having a dialog with practitioners and hope that you will contact us or comment here on the blog in order to expand the dialog and speed up digital government initiatives.
 
The purpose of this blog has been to present some possible technical approaches for e-signatures that are already available for use. We are interested in having a dialog with practitioners and hope that you will contact us or comment here on the blog in order to expand the dialog and speed up digital government initiatives.
 
<br>
 
<br>
<br>
+
 
<br>
  −
== <small>Footnotes</small> ==
  −
<small>
  −
<sup>1</sup> We expect the need for level 4 e-signatures to be rare (e.g. very high-value transactions) and the reader should consult the e-signature guidance document for additional information.
  −
<br>
  −
<br>
  −
<sup>2</sup> As a reminder, security always needs to be taken into consideration, especially when dealing with parties external to the Government of Canada who may not have secure means of communication or storage. As mentioned in the e-signature guidance, confidentiality is not addressed by electronic signatures. If using an unsecure means of communication such as email, MS Word or PDF documents with the public, departments should be mindful of relevant, applicable policies. In particular, Appendix B of the Directive on Security Management states that encryption and network safeguards must be used to protect the confidentiality of sensitive data transmitted across public networks, wireless networks or any other network where the data may be at risk of unauthorized access. (B.2.3.6.3).  Although sensitive information is not defined in the Directive, the Policy on Government Security defines “sensitive information” as “information or asset that if compromised would reasonably be expected to cause an injury. This includes all information that falls within the exemption or exclusion criteria under the Access to Information Act and the Privacy Act. This also includes controlled goods as well as other information and assets that have regulatory or statutory prohibitions and controls.”  As such communication using public email, may not be appropriate in many given circumstances due to security risks.
  −
</small>
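Review bot: the manual `== <small>Footnotes</small> ==` section is removed at the end of the page, but no `<references />` tag is visible in the added lines to replace it. Without one, the two new `<ref>` footnotes have no explicit, headed place to render; add a `== Footnotes ==` heading followed by `<references />` where the old section was. The run of `<br>` lines kept above it is spacing markup that could be dropped at the same time.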