6. Conclusions
Michele Martoni and Monica Palmirani
As previously mentioned, the CAD has been amended, and the changes affect Articles 35( 3)–( 4), 35( 5), and 35( 6), respectively through Articles 24( 1)( a), 24( 1)( b), and 24( 1)( c) of Legislative Decree 235 / 2010.
Article 35( 1) ‐( 3) CAD now reads as follows:
“( 1) Signature‐generating secure devices and procedures must be secure so as to guarantee that the private key( a) is confidential;( b) cannot be derived, and that the relative signature is counterfeit‐proof; and( c) is adequately protected by the signatory from third‐party use.
“( 2) The secure devices and procedures referred to in the foregoing Article 35( 1) must guarantee the integrity of the digital documents so signed. These documents must be shown in a clear and unambiguous manner to the signatory before they are signed, and there must be confirmation that the signatory actually intends to generate the signature, this in keeping with the technical rules herein referred to in Article 71.
“( 3) The provision last mentioned, in the second sentence of Article 35( 2), does not apply to automated signatures, which are valid if the signatory consents to the signing procedure before the signature is affixed.” The most relevant provision, where we are concerned, is the one last quoted. Recall that under the previous version, the signing procedure was deemed valid if it“ was activated in a manner ascribable to the signatory, and so long as this person makes it manifest that he or she intended the procedure to be activated for the specific document so signed.”
As the reader will appreciate, the qualms previously expressed are allayed now that reference to the specific document has been struck out, and what appeared to be insurmountable obstacles have now been cleared away.
In light of this fact, the City of Ravenna has found it possible to launch its service for issuing registry certificates online. Each certificate is signed by the mayor, who figures as the signatory of an automated digital signature affixed ad hoc for the purpose at hand. The signing device in these cases is contained in an HSM. The mayor activates the signing procedure remotely by entering a PIN and at any time can halt the procedure, which otherwise will terminate once a preset number of documents has been signed. The procedure frames document streams by class, too, so that only certain predetermined types of documents move through the HSM. These constraints are expressly stated in the signature certificate, so that the entire procedure is transparent to third parties.
In this new evolution, this technical solution was used to export the registry certificates online to a large number of municipalities across Emilia‐Romagna Region and beyond( e. g., Rome), and it was also adopted by the ANCI( the National Association of Italian Municipalities). The experience developed in this context was held up as a best practice in the digital‐seal guidelines at the government level in Italy( under DigitPA). Moreover, a new paradigm emerged for managing remote signatures jointly with the digital seal affixed to digital documents. Finally, the appropriate technical and legal requirements were set for these documents to have legal validity once they are printed as hardcopies again, all the while making it possible to use the digital seal to keep the digital workflow chain moving. In this way the hardcopy paper became the medium for the digital document embedded in the digital seal, bridging the gap to which is owed the digital device. This legalinformatics approach makes it possible to digitize a key administrative service, in such a way as to smoothly transition from the paper era to the digital paperless era.
Acknowledgements
This work is part of the institutional cooperation between Municipality of Ravenna and CIRSFID about eGovernment’ s research topics, in order to favour the local Digital Agenda implementation.
References
Birch, D.( 1997) Secure Electronic Commerce, in Computer Law & Security Report, Vol. 13, N. 6, 454. Brennan, K.( 2001) Electronic signatures in global and national commerce: implications of new federal and state legislation on corporate compliance and transaction procedures, in Ciberspazio e Diritto, Mucchi, 2, 241, Modena. Cachin, C. and Chandrany, N.( 2009) A Secure Cryptographic Token Interface, on www. citeseerx. ist. psu. edu.
317