firstalpha ltd. New Media.

27 West Dean
Wilts SP5 1JQ
Tel: 01794-341-405
Fax: 01794-340-026
Internet Keyword: firstalpha

FAO Geoff Smith
Information Security Policy Group
Communications and Information Industries Directorate
Department of Trade and Industry
Bay 226, 151 Buckingham Palace Road
London SW1 9SS

19th June 2001

Dear Mr Smith,

Re: DTI Consultation on the EC Electronic Signature Directive 1999/93/EC.

Whilst I do not feel that I am sufficiently qualified to answer the technical questions in the DTI Consultation document, I do want to comment on the implementation of the Digital Signature Directive. This response should be considered as being from a layperson's perspective, although I am familiar with Government Reports and Bureaucracy having acted as Clerk to West Dean Parish Council for the last ten years.

I do have a digital certificate issued by of South Africa, which guarantees that my emails are genuine. To assure Thawte that I am who I say I am, my British Passport has been verified by three UK based Thawte Web of Trust Notaries. My digital certificate has thus been strengthened.

Since Thawte Consulting is a well established global Trust Service Provider (TSP), I believe that the British Government should study the methodology employed by Thawte and incorporate a similar implementation into the offices of the UK Passport Agency. This Government Department should operate multiple secure servers, to enable the online verification of British Passports in issue. Not only would this assist the issuers of secure digital certificates but provide a method by which a British Citizen could verify their identity in the absence of their Passport.

A British Passport application has to be countersigned by an appropriate person who has known the applicant for at least two years. Both an application for a postal vote and a share transfer form need to be witnessed. Business documents sometimes require to be notarised by a solicitor. In each case, a written, signed verification of identity is based on trust, which is dependent on the integrity of the individuals involved. In the event that a fraud is perpetrated, the paper documents are produced as evidence.

Ultimately, it is the server log files that validate the authenticity of an electronic communication. The date and time of a communication becomes as significant as the postmark on a posted letter. It is my opinion that the British Government should maintain secure servers in all departments, starting with the Passport Agency, that would contain verified identity information taken from the paper applications that are already stored for validation purposes. The secure server log files will record every instance of access to stored online documents and enable any abuses to be recorded for subsequent investigation.

The EC Digital Signatures Directive appears to be aimed at regulating the commercial operators who will create the signature devices that will attach a digital certificate to the paper based proof of identity. There should certainly be some form of regulation for these businesses but it would be unfortunate if this was to stifle innovation. The original, witnessed, written document is unlikely to be replaced by a digital device in the foreseeable future, therefore, if legislation is to be enacted, it should address the experimental nature of the development environment.

Yours sincerely

Richard Philip Parsons
Delivered by email and FAX at 2:30pm on Tuesday, 19th June 2001.

eMail: Return to HomePage Copyright 1999/2001 RegIDtm
Website created by
R. Parsons
Last revised: 02-Oct-2001