The
"hash total" to which Jim refers is an electronic signature. It allows others to
validate that document/file content is as produced (i.e. not modified in any
way) without unnecessarily encrypting the document/file content. It's like
a big checksum that requires a key for generation. A key is required to
calculate the electronic signature. This works when:
1) Those who must validate the document content as being
authentic have access to a key
2) Those who must validate the document content as being
authentic have access to the author's generated electronic signature for
each document for comparison to the key attached to the file. For very large
documents this can be much more efficient than securing a key or key pair or
constantly downloading copies of the original document.
gary
CAT, cited
below is a Committe of the US Judicial Conference. The approved the Federal
CMS/ECF system and judges' use of it in chambers for electronically file
orders. Two factor came up in my review of the Federal system for the
USDOJ 1) the Judges accepted the use of ID and password as
a "signature" 2) the Officially filed document is a PDF with some
sort of hash total to determine if anyone has tampered with the document, 3)
the National Security Agency approved the AOUSC system for interface with
the highly secure DOJ system.
Hope this
helps...
JimK
I
have sent a request for comment to some lists I belong to as well. The
responses are very interesting. I have gotten a few back that request
further information about the nature of the connection between the database
and the judge's chamber; i.e., if it is IP or other. Can this information be
provided? Thanks.
I recall
the Commitee on Automation and Technology considered this issue. I'm
copying some of the AOUSC folks to see if there is any background
material that might help.
Jim
Keane
"The only way in which to
circumvent this system is by bribing a member of the judge's staff to submit
a forged order to the system."
That statement may be a bit bullish. I have heard
of persons entering systems and placing unauthorized material
there.
Still, the statement "I believe that the issue John is
so concerned about is adequately addressed by this process" could be true.
It is a matter of the level of risk you want to accept. It seems a fair
question to probe the means employed by the system to prevent unauthorized
deposit of information. Maybe those means are adequate or maybe there is
room for improvement. What is adequate could depend on the type of the order
and what was adequate yesterday may not be adequate
tomorrow.
--Charles
On the last conference call,
John Messing insisted that the work of this subcommittee could not proceed
further until the issue of the security of judges' orders was adequately
addressed. John is concerned that electronic judicial orders will be
forged and criminals will be released from jail or prison as a
result.
The federal court efiling
system, and most state and local systems, have solved this problem by
treating the electronic record contained in the court's data base to be the
official judge's order. The system can guarantee the authenticity of
these electronic orders because it will not accept orders coming from any
address except the judge's chambers. Persons wishing to verify the
legitimacy of a purported order can go online, access the court's electronic
data base and view the official order there. The court advises law
enforcement and correctional personnel to check orders in that fashion; they
should not rely on a transmitted or printed copy of such an order.
This process provides security far exceeding anything available in the paper
world today. The only way in which to circumvent this system is by
bribing a member of the judge's staff to submit a forged order to the
system. That risk is minimal.
I believe that the issue John is
so concerned about is adequately addressed by this
process.
John M.
Greacen
Greacen Associates,
LLC
HCR 78,
Box
23
Regina,
New Mexico
87046
505-289-2164
505-780-1450
(cell)
******************************************************************************
The information in this email is confidential and may be legally
privileged. Access to this email by anyone other than the
intended addressee is unauthorized. If you are not the intended
recipient of this message, any review, disclosure, copying,
distribution, retention, or any action taken or omitted to be taken
in reliance on it is prohibited and may be unlawful. If you are not
the intended recipient, please reply to or forward a copy of this
message to the sender and delete the message, any attachments,
and any copies thereof from your system.
******************************************************************************
|