Benefits of the increased digital signature use in Argentina’s digital society
Marcos Hauria currently holds the position of Advisory Director at IDENTTIC, a company dedicated to corporate information security through the use of technological solutions. He was previously head of the digital signature infrastructure in the province of San Luis (Argentina) for two years and supervised the construction of its data center, among other prominent roles. In this interview, Hauria spoke to us about the advantages of digital signature and PKI and the role they play in the development of a digital society in Argentina.
1. What do you think about the implementation and application of the digital signature in Argentina?
At a federal level, Argentina is in an embryonic stage regarding the use of this technology despite being one of the pioneers in digital signature legislation in Latin America due to the approval of Regulation N° 25.506 on November 14, 2001 and published on December 11th of the same year which recognized the legal validity of the electronic document, electronic signature and digital signature. Advancements were not made until November 2007 when the Root Certificate Authority Policy of Argentina was published by IFDRA (Digital Signature Infrastructure of the Republic of Argentina).
Since then, it has been implemented and utilized in some provinces with progress being slow due to numerous factors; with the exception of the province of San Luis which has become a national benchmark by setting the course for others to follow.
We are facing an important cultural change which I think will inevitably displace traditional support and writing models in the short or medium term. This is primarily led by the progressive movement towards paperless business processes, which reduces costs and improves quality, and by the possibility of the expansion of e-commerce platforms providing a secure channel for the exchange of sensitive information, benefiting all states that interpret the use of this innovative solution as a technological breakthrough; enabling the development of e-Government and resulting in a tool that is valuable for growth and the digital introduction of the population.
Also, we must analyze ourselves. I believe if we are to reach large scale use that we must smooth out the path for a correct use of the signature at home or at work. Reducing, simplifying or eliminating the processes of installation, configuration, and all that could result in rejection by the beneficiary. If this occurs, the digital alternative of a procedure or service could be misconstrued as more cumbersome/fastidious than the conventional procedure.
2. Do you consider that the Argentine legislation, with regard to signature, facilitates the development and expansion of the digital signature?
Digital signature legislation urges the State to comply with a “paperless” policy. In Article N°48, referring to the implementation of this requirement, it states, “… will promote the widespread use of digital signature enabling records to be processed through simultaneous channels, automatic information searches, and monitoring by the interested party, following the tendency of a paperless society. Digital signature technology will be applied to all laws, decrees, administrative decisions, resolutions and judgments within a maximum of 5 (five) years from the enforcement of this regulation”. It is worth noting the purpose for the mandate, but upon analyzing the current situation you can see that these issues are not achieved by pure proactivity but depend on a structural change in our bureaucracy.
There are factors that currently delay its development and expansion. Some are directly related to the existence of a demanding (and outdated) regulatory decree for those who want to begin the certification process to become a Licensed Certification Service Provider, since it demands a large initial investment in infrastructure, and which in turn limits the possibilities to market/share/rent, as a ROI strategy, converting it into an unappealing business up until now.
It also requires that the subscriber of a digital certificate have a cryptographically secure storage device which directly impacts upon its economy.
It is impossible to think about the development of digital signature application and its mass use if one of the three fundamental pillars is missing:
- User connectivity and accessibility
- Digital signature infrastructure (including end-users devices)
- Applications and services.
3. The extensive use of digital signature is directly related to the usability of digital certificates. How many public key infrastructures (PKI) does Argentina have?
Article 17 of the law 25.506 on Digital Signature establishes that “… a licensed certification service provider is any natural person, public contracts register, or public organization that issues certificates, provides other services relating to the digital signature and holds a license to do so having been issued by the licensor.” By virtue of this, Argentina currently has four Licensed Certification Service Providers:
- The Federal Administration of Public Revenue (AFIP)
- The National Social Security Administration (ANSES)
- The National Office of Information Technologies (ONTI)
- And the corporation, ENCODE S.A.
In the case of the province of San Luis, which has its own public key infrastructure (PKI) and the corresponding regulatory framework, it aspires to a mutual recognition of the certificates issued by both jurisdictions, known as certificate crossing.
It is important to note that the following organizations have been admitted into the licensing process, in accordance with current regulations and in order to become licensed certification service providers, and therefore components of the Digital Signature Infrastructure in Argentina.
- Banelco S.A.
- Box/Custodia de Archivos S.A.
- Supreme Court of the Province of Buenos Aires
- DigiLogix S.A.
- Edicom S.A.
- Lakaut S.A.
- Tecnología de Valores S.A.
4. Which sectors are the PKI in Argentina directed toward and tell us about their development and evolution?
In our country, the widespread use of the digital signature or electronic signature can be seen in the procedural management within the public administration. With different initiatives related to the digitalization of administrative circuits, on a minor scale and in the background; new players are arriving from the private sector. We are starting to see a trend in this regard, although there is still a strong cultural component that hinders the general acceptance.
Many provinces in Argentina are complying with the national regulation and are, with guidance from ONTI, in the training and implementation process.
There is currently only one Licensed Certification Service Provider authorized to issue certificates for use in the private sector.
- Certification policy of the Certificate Authority of the Federal Administration of Public Revenues (AFIP).
For natural persons using AFIP services through a Fiscal Key and for tax, customs, fiscal and administrative procedures carried out between taxpayers and the AFIP provincial and municipal collectors who adopt the certificates from this Certificate Authority.
- Certification policy of the Certificate Authority of the National Social Security Administration (ANSES)
For natural persons who perform functions for ANSES and applied to their administrative processes regardless of the relationship that links them.
- Certification policy of the Certificate Authority of the National Office of Information Technologies (ONTI)
For natural persons who perform functions in a state organization, enabling them to sign any electronic transaction associated with their functions or to carry out procedures before the State.
- Certification policy of the Certificate Authority for natural and legal persons of ENCODE S.A.
For natural or legal persons (public or private), their respective employees, authorized persons, affiliates, registered or enrolled persons; who in compliance with their obligations must exchange or present before the appropriate party the documentation required by current regulations.
5. In the majority of cases when talking about PKI we think of public infrastructures; however, the asymmetric encryption has a place in private organizations. What are the benefits for a company that has its own PKI?
Having a public key infrastructure provides great benefits to all organizations, even the smallest, since they enhance their management system with improved traceability and tracking as well as reduce supply costs such as paper and related supplies. And even large corporations with a geographically dispersed infrastructure. These corporations find added value to expand their e-commerce platforms, supported by a secure channel for the exchange of sensitive information.
It is important to emphasize that both digital signatures and electronic signatures are recognized by the regulation N° 25.506 and either can be used within an organization. What makes it effective is the agreement between the parties that determine its use for the organization and its clients, users, employees.
An example of this is online banking (Home Banking) provided by banks where the bank’s client agrees, through an agreement between the parties and with the benefits that online access provides, to access with a PIN code as a security mechanism.
The deployment of PKI usually begins when an organization introduces one or more applications that are dependent on the existence of a public key infrastructure (PKI). Some of the applications and technologies that can prompt an organization to implement a PKI can be:
- Authentication of wireless, 802.1X port-based network access
- Digital signature for secure transactions through networks or the internet
- Data encryption systems
- Web authentication and encryption, use of SSL certificates
- Internet Security Protocol, authenticate IPSEC association
- Secure email
- Logon via smartcard
- Code signing
- Authentication in virtual private networks
6. From your vantage point as a consulting expert in the digital signature and PKI field, how do you feel about the Argentine market? Do you feel that the society and market of Argentina are committed to using these new technologies?
We willingly participate in evaluations from several agencies in the certification process, and are constantly consulted by the State and private entities, as well as contracted for training and audits. Our expertise allows us to address from the compliance necessary for the construction of a data center meeting documentary, procedural, regulatory requirements and standards, to the process of drawing up the certification policy, annexed documents, while walking hand-in-hand through the entire process.
Regarding the introduction of these new technologies, I believe that we are seeing the dawn of this technique in Argentina. The digital signature in the public sector is taking off in provinces that want to take charge of its implementation. At the same time, this year, the private sector is showing increased interest, generating a huge step forward into the market; evidence of this is the number of certification policies presented to ONTI to become Licensed Certification Service Providers.
Digital signatures are, without a doubt, here to stay, attempting to break down the traditional models of writing and support.
7. Are the citizens of Argentina aware of the possibilities offered by the digital signature to extend customer service to their processes with different public administrations?
For personal use, I think that we have not managed to communicate efficiently to the citizens the potential of digital signature use, its benefits, effectiveness and above all, security.
E-Government impacts mainly in the transparency, simplification and faster access of all public administration processes, allowing a substantial transformation in routine administrative tasks of government agencies and providing a more agile and efficient service to citizens. Digital technology allows them to track records and verify that all public and administrative processes are managed from the beginning until their completion, replacing the use of paper (with all the directly related costs and impact on the environment). When correctly implemented, it meets the registration, management, information, control and statistics requirements; offering processes that are streamlined, automated and transparent.
8. What trends or initiatives do you see in Argentina when it comes to promoting the use of the digital signature?
Many of those who are linked to the use of the signature diligently await an update to the Administrative Decision 6/2007 that will allow for the addition of new participants in technology management. And also, that eases the building infrastructure exclusivity and can offer housing to third-parties.
Initiatives that stand out right now are directly linked to services provided by the State to citizens. It is important to diffuse the use of portals offering services to citizens that create a direct line of communication.
Digital signature will have a great impact on judicial activity where you will find fertile terrain for implementation.
9. Are there new participants in the Argentine market regarding PKI and Digital signature?
Argentina is going through a difficult economic time which hinders the admission of new participants.
There are specific cases, such as that of the European technologies company, REALSEC, which despite having arrived recently has managed to position itself strongly in the local market.
REALSEC pleasantly surprised us with their own encryption and digital signature solutions which are applicable to the banking sector as well as to payment methods, Government, defense and especially the private sector. With tailored appliance and concrete solutions for the organization.
10. What is your opinion about the fortress that the use of an HSM (Hardware Security Module) supposes in the generation of digital certificates and in secure Digital Signature processes?
The digital signature is an instrument with technical and regulatory characteristics. This means that there are technical procedures that allow the creation and verification of digital signatures. In my opinion, it is imperative to ensure the overall reliability of sensitive data and there is nothing more on target than the implementation of an HSM, Hardware Security Module, to establish a tamper-proof infrastructure.
In Argentina, through the Regulatory Decree 6/2007, Annex I, section 2, the standards are set for cryptographic devices and establish that it is a requirement that the cryptographic keys of the certifying authority are created and stored on devices that have been issued a FIPS 140 level 3 certification (requirement met by an HSM, Hardware Security Module). In the same way the keys used for signing the certificate status information or services related to the digital signature.
11. How do you perceive the immediate future of e-Government development and Digital Signature usability in Argentina?
I believe that e-Government will be the driver towards the use of digital signature in 2015. Generating a great impact mainly on transparency, simplification and faster access to all public administration processes, allowing a substantial transformation in the routine administrative tasks of government agencies and offering more agile and efficient services to citizens. Paving the way towards a more integrated, efficient and balanced society.
Source: Canal AR