e-voting: towards a direct democracy?

e-vote yes noTwo key technologies have had to reach their maturity to even think of remote electronic voting as an alternative to cast voting: the Internet and public key cryptography. The first one allows the access of millions of people to servers anywhere in the world, and the second one because it allows to apply the technical security measures to ensure the integrity of the vote and, where necessary, privacy and non-repudiation.

The explosion of smartphones and tablets do nothing but transform the remote electronic voting in a much more attractive alternative. Nowadays we are also witnessing the dawn of  Internet-connected televisions; so, in a world where the percentage of people with Internet access is very significant on the global and increasingly high, what are we waiting to start voting electronically from our homes, hotels or wherever we are? Of course, no t before the “organizers” (e.g. governments) put the resources.

Let’s start defining remote e-Voting as where voting is performed within the voter’s sole influence, and is not physically supervised by representatives of governmental authorities (e.g. voting from one’s personal computer,mobile phone,television via the internet (i-voting) and, for the purpose of this paper, we will focus on elections to the state governments, autonomous regions, municipalities, namely the election of public office, usually by universal suffrage.

Who is interested in the remote electronic voting?

If we assume, as is the case, that remote electronic voting can offer the same guarantees that voting in person (which is secret, non-transferable, which may not have more than one vote per voter, where provided for the election, …) the first actor is the voter: you can vote from wherever your are, no traveling, no queues and still wearing pajama.

In addition, the voter, as a stakeholder in the outcome of the vote, is also interested in the speed of count (although this is not unique to remote electronic voting) and the fact that minimize counting errors. This account, incidentally, is also much cheaper either in euros or in hours of people or both.

These benefits, I may insist, associated with electronic voting in general, not just with the remote electronic voting in particular, should also engage governments (parties) for obvious reasons.

All parties are filled her mouth with “participation”, the importance of participation in elections and the fact is that if we want the parliaments represent the plurality of the people who elect them, participation is very important … and a appropriate electoral law even more.

With voting facilities granted by the remote e-voting is evident that it will increase participation.

Challenges of remote electonic voting

It is biased

Basically for two reasons: because, although an increasing percentage of citizens with Internet access (ranging from 13.5% in Africa and 78.6 in North America with a global average of 32.7% and an increase of 528% between 2000 and 2011, see http://www.internetworldstats.com/stats.htm) it is not UNIVERSAL, and because the profile of people who use it frequently or use it for something as personal as voting is not a representative sample of all strata of society, nor economic neither cultural.

Therefore, the remote electronic voting today can not eliminate voting in person, but to complement it, so that voters who so wish to use this medium and state and voters take advantage of its benefits, at least partially.

Several generations have to pass to think of remote electronic voting as the unique way to vote in general elections.

However, in other elections where the electorate is more closed and controlled and where the universality of access and frequent use of internet is the norm, remote electronic voting stands as a great solution

Is it personal and not transferable?

Despite efforts in securing the remote electronic voting is clear if you vote in person in front of representatives is highly unlikely that I impersonate another person, anything likely to be my wife who impersonates me and of course, the threats to which I can be subjected, at least not contemplate the immediate physical harm to me.

This, by the very nature of “remote” electronic voting at hand, is much more difficult to guarantee. And at this point, I honestly do not know what else can be done and if these deficiencies someday allow government elections in one country can be fully by remote electronic voting.

If you liked this post, or you think it may be helpful to others, please share it via the buttons you’ll find below.

Posted in Digital signature success stories | Tagged | Leave a comment

February and electronic invoicing

electronic invoicing

electronic invoicing

During this month of February we left behind, two events related to electronic invoicing have been held.

On the one hand, very close, the Sixth Congress of Electronic Invoicing and Certified Scanning, organized by the Association of ICT Sector (AMETIC) and held last February 23.

As indicated in www.facturae.es, there have been significant developments since the lastcongress, including the adoption of the COUNCIL DIRECTIVE 2010/45/EU of 13 July 2010 amending Directive 2006/112/EC on the common system of value added tax as regards the rules on invoicing (PDF)

One of the most controversial points of this directive is paragraph (11)

The authenticity and integrity of electronic invoices can also be ensured by using certain existing technologies, such as Electronic Data Interchange (EDI) and advanced electronic signatures. However, since other technologies exist, taxable persons should not be required to use any particular electronic-invoicing technology

that seems to go against the mandatory use of electronic signature (much less qualified) to ensure the authenticity and integrity of electronic invoices.

Borja Adsuara, recently appointed CEO of Red.es (ES), also announced that the Ministry of Telecommunications and Information Society (SETSI) will invest 650,000 euros to foster the development of the electronic invoice (ES), an amount may seem high, but, according to the administration, would save 15,000 million euros, or what is the same, 1.5% of Spanish GDP.

A great summary of the Congress can be read in the post CONCLUSIONS AND COMMENTS ON THE SIXTH CONGRESS OF ELECTRONIC INVOICING AND CERTIFIED SCANNING (ES), written by Bartolomé Borrego (ES).

The other event related to the electronic invoicing of February took place on 15th, at the offices of CEN (European Standardization Center) in Brussels. This was the end of phase 3 of the e-Invocing CEN Workshop.
After completion of the first workshop on electronic invoicing (e-Invoicing Workshop) in 2006 and the second phase of the workshop in 2009, a third phase was established in Brussels, 9 February 2010 (CEN WS EINV III) that has been completed on 15th February.
In this third phase have been developed the following deliverables (links to the drafts, since the final versions are not yet released):

This third phase has been very focused on the barriers to adoption of electronic invoicing in Europe and how to extend its benefits to all types and sizes of companies.

From isigma we believe strongly in the economic and environmental benefits of electronic invoicing and create products affordable and easy to use (as ClickSign or PortaSigma -ES-) to deliver electronic invoices to any user or business class, aligning with the guidelines of the third phase of e-Invoicing CEN Workshop.

As always, if you liked this post, or you think it may be helpful to others, please share it via the buttons you’ll find below.

Posted in electronic invoicing | Tagged , | Leave a comment

PortaSigma users take 4 days less than its competitors to collect customer signatures

PortaSigma users are companies that need to collect signatures from their customers on a recurring basis. Traditionally, there were three methods to perform this operation:

Method 1: Moving to customer’s office

1. An authorized person in the company, looked for a gap in its calendar

2. Prepared two printed copies of the document

3. Took them in hand to the customer

4. In the office, both signed the documents

5. The authorized person, came back with the document copy

6. The authorized stored his copy in the corresponding file

Method 2: Sending the documents

1. The authorized person, prepared two copies of the document

2. Signed both copies

3. Prepared the envelop, and sent the documents to the customer’s office

4. The customer signed both copies

5. Stored its own copy

5  Prepared a new envelop and sent the original copy to the authorized

6. Who stored the copy in the corresponding file

Method 3: Receiving the customer

1. The authorized person dated the customer for the signature

2. Prepared two copies of the document

2. The customer went to the authorized office

3. Both copies were signed by both parts

4. The customer took his copy of the document

5. El autorizado de la empresa archivaba su copia

Since using PortaSigma, their routine is the following:

1. They upload a document to PortaSigma

2. Define the name, e-mail and identifier of the customer

3. Send the signature request, and in a few seconds, the customer has the possibility to sign form its PC or mobile phone

4. The customer signs the document

Thanks to this, these companies could spend more time to its core business.

Moreover, thanks to digital storage, these companies need less rooms to storage their physical files. As a reference, a traditional file fits 400 documents.

But maybe the must important benefit is the improovement of the service level to the customers.

With the cost reduction, and the service level improovement, PortaSigma users are obtaining a competitive advantage with their competitors, who keep applying handwritten signatures to their documents.

The following table shows the average of time invested in each of the described methods:






Waiting for the meeting 3 3 0
Sign and send the request from PortaSigma 0,1
Preparing two printed copies 0,1 0,1 0,1 0
Preparing and sending the envelop 0,1 0
Waiting for the delivery 3
Moving to customer’s office 0,5
Receiving the customer 0,5
Signature act 0,2 0,1 0,1
Preparing envelop and turning back 0,1
Signing request with PortaSigma 0,1
Returning to the office 0,5
Storing in fil 0,1 0,1 0,2
Total invested time (days) 4,4 3,5 3,9 0,2
Global satisfaction of the agents

Join now PortaSigma, and begin taking profit of these advantages from now on.

Posted in Digital Signature Software, Sin categoría | Leave a comment

Massive digital signature in PortaSigma

PortaSigma continues to improve its performance, meeting the demands of our customers. Latest improvement has been the massive digital signature feature.

There are professionals in certain sectors, who need to attend the request to sign many documents. For them, we designed this system that allows quick review, and to sign a batch of documents with just one click.

On screen we can check all the documents pending for signature, and the signature process progress.

Moreover, with this upgrade we’ve included support to ICP Brazil certificates.

If you still don’t have a PortaSigma account, create one now, and tell your partners that you are ready to sign your documents without unnecessary movement.

For additional information:

Román de Blas / rdeblas@isigma.es / +34 93.519.13.75

Posted in Digital Signature Software | 1 Comment

Four institutions sign agreement to integrate Digital Electronic Signature program in Panama

The Public Registry signed an agreement with four government institutions to become part of the national Digital Electronic Signature.

Luis Barrios, Public Registry’ Director, said the program will be implemented in the judiciary, the National Land Authority (Anati), the College of Notaries Public and Procurement Directorate.

He added that these four entities are part of a pilot plan to integrate it to all government institutions and civil society.

Barría said that befre ending 2011, the four institutions should already have implemented this digital system. “With this new program we’ll remove the signature on paper, ” he said.

He also noted that the digital signature is safer to which we are accustomed. The pilot scheme had a cost of four million dollars.

Posted in Digital Signature Software, Digital signature success stories | Tagged | Leave a comment

Controlling the User Experience when SSL Root Certificates are not Recognised by Browsers

So, Browsers Scare your Users by Saying your SSL Certificates Suck, hmmm?

Yup, we all know SSL is the way to go when protecting your site’s traffic from the bad guys, and it is not that difficult to set up. But what happens when the browsers don’t have pre-installed CA root certificates for the issuer of your SSL certificates? They tend to present very scary messages. Some versions of Internet Explorer heartily recommend users to get away from your site as quickly as possible, lest they be eaten by evil monsters (well, not exactly, but it has a similar effect).

Scare tactics may work well for browser manufacturers, so that certificate issuers are willing to make their certificates recognised and pre-installed in these browsers (or OS) releases. This process might involve some payment to the browser’s manufacturer… (warning: this is my personal unproven claim… call me suspicious if you wish).

In any case, once the user clicks on a link to your secure SSL-protected HTTPS site, funnily enough, the browser’s alarm messages may make it appear as a more insecure choice than using HTTP. What the …?

It looks like you don’t have control over the user’s experience… or do you?

We at Isigma have devised a mechanism that does give you some control over what your users see, and at least skip the browser’s message and replace it by your own page. It involves some Javascript Ajax. We have written it with jQuery but you can use any equivalent Ajax library of choice.

How can I Replace the Browser’s Unrecognised SSL Certificate Message?

Our solution consists of having a plain HTTP welcome page that checks behind the scenes whether the browser can open the HTTPS page, and if so does an automated redirect to the secure page. If the redirect doesn’t happen, it shows a message informing the user that in order to access your site she should install the root certificates, and instructing her how to do so.

For that purpose we created a jQuery-based javascript function ssl_check_and_redirect that honors its name. You give it an https URL, and if the browser can open it with Ajax, it redirects you automatically.

[code lang=”javascript”]
function ssl_check_and_redirect(url) {
$.ajax({
url: url,
dataType: "script",
success: function(){
window.location.replace(url);
}
});
}
[/code]

The datatype of “script” is a useful trick to avoid browsers’ same-origin policy restrictions when performing Ajax calls.

Unfortunately, if you try to use an error callback for the case where the SSL certificate is not recognised (I know that’s what you’re thinking, because it’s what I thought), you’ll find out that it is never called. To detect that case, you may want to use a workaround based on some sort of timeout instead.

Calling this function upon page load with jQuery is as simple as:

[code lang=”javascript”]
$(function() {
ssl_check_and_redirect("https://app.portasigma.com/");
});
[/code]

A simplified full welcome page (accessible via plain HTTP, no SSL) could look like:

[code lang=”html”]
<!DOCTYPE html>
<html>
<head>
<script src="http://code.jquery.com/jquery-1.4.4.js"></script>
<script>
function ssl_check_and_redirect(url) {
$.ajax({
url: url,
dataType: "script",
success: function(){
window.location.replace(url);
}
});
}

$(function() {
ssl_check_and_redirect("https://app.portasigma.com/");
});
</script>
</head>
<body>
<div id="log">
<p>Performing a check before accessing our secure site</p>
<p>If after a few seconds the secure page doesn’t show up, you will
have to install our SSL root certificate etc… (your friendly personal
message to avoid browser scare)</p>
</div>
</html>
[/code]

Possible Improvements

This solution could be improved by using a three-page structure:

  • Welcome page that tells performs checks and redirects the user to the SSL page if OK. It has a timeout that, in case the SSL redirect doesn’t happen, takes the user to the warning page
  • Warning page, informing that the user should install the root certificates…
  • The good HTTPS page, the original page where you want your users to go

We leave this improved version as an exercise to the reader.

Posted in Digital certificate practices | Leave a comment

Moving to digital signature in Paraguay

Paraguay’s government published oficially the law project, that gives legal validity to electronic signatures, digital, data messages and electronic case files.

President Fernando Lugo had objected  entirely the project, but both houses of Congress were ratified in their approval, which is why the executive had no choice but to enact.

The government must regulate the project 90 days after publication, on December 24th.

The electronic signature is the integrated set of electronic data, linked and logically associated with other electronic data, used by the signatory as their means of identification.

The digital signature is an electronic signature certified by an accredited provider while the message data is any information generated, sent, received through electronic means (mail, telegram, telex, telefax, etc.)..

Posted in Digital signature success stories | Tagged | Leave a comment

ECB urges financial institutions to incorporate electronic signatures for its operations

The Central Bank of Ecuador, will incorporate its services, electronic signature technology. It can increase the level of confidence in electronic transactions and information exchange, so it also urged financial institutions to use this technological tool to secure the electronic transactions of their customers, and reduce the risks of theft and fraud in the banking system.

This technology guarantees the authenticity of who generates a data message, digitally signed document integrity, and also there is no possibility for a signatory to deny its action.

The electronic signature is data in electronic form attached to a data message, that identify the signature holder in relation to the data message and indicate that the signatory approves and recognizes the information contained therein. It has the same legal validity as a handwritten signature.

This signature is generated using a digital certificate, with which the certifying authority assures the link between the user’s identity, its public key and the private one.

El  Banco Central del Ecuador, incorporará a sus servicios el uso  de  la  tecnología  de  firma  electrónica, la misma permite aumentar   el  nivel  de  confianza  en  la  realización  de  transacciones electrónicas  y  en  el  intercambio de información, por lo también instó a las Instituciones Financieras a usar  esta herramienta tecnológica  con  el  fin de asegurar las transacciones electrónicas de sus clientes y reducir los riesgos de robo y fraude en el sistema bancario.

Dicha tecnología ofrece  garantías  de  autenticidad  de  quien  genera un mensaje de datos, integridad  de  documentos firmados electrónicamente, confidencialidad y además no existe la posibilidad para que el firmante niegue su acción.

La  firma  electrónica,  son  datos  en  forma electrónica adjuntados en un mensaje de datos, que identifican al titular de la firma en relación con el mensaje  de  datos, e indican que el titular de la firma aprueba y reconoce la  información  ahí contenida.  Tiene la misma validez legal que una firma autógrafa.

Dicha firma se la generará a través de un  certificado  digital  mediante  el  cual la autoridad  de  certificación  asegura la vinculación entre la identidad del usuario, su clave pública, y privada.

Posted in Digital signature success stories | Tagged | Leave a comment

Digital Signature at universities: Universitat Ramon Llull (URL)

¡Clica aquí para leer entrada en español!

Universitat Ramon Llull (URL) will drastically reduce paper storage, and the execution time of its administrative tasks, through the use of digital signature.

This university consists of ten federated institutions. Each and every one of its centers, may supplement their applications with electronic signature process for its users.

Thanks to this, the signing of minutes, publication of letters, contracts with suppliers, documentary control, may be carried out telematically, without requiring paper printouts, or people travellng.

To achieve this, Universitat Ramon Llull has decided to implement PortaSigma. A centralized instance of our tool will provide each center’s computer applications, the necessary services for its users to sign and validate documents using their digital certificates.

To access PortaSigma, applications make use of the web services available through the API.

Universities are certainly environments that meet a series of features that make them suitable for the deployment of digital signatures. Among others:

  • Arrangements with banks, for the distribution of cryptographic smartcards, and digital certificates, for students and teachers
  • Handle large amount of documentation, which often require a handwritten signature of participants in the process

Being a cross-application tool, PortaSigma can also help improve the administrative processes in many other industries. Banking, Insurance, employment, Veterianaries and universities, are just the tip of the iceberg of the universe using this tool. From iSigma, we’ll do our best to further improve many processes and industries with digital signature.

Román de Blas / rdeblas@isigma.es

Posted in Digital signature success stories | Leave a comment

PortaSigma, more international and easy

¡Clica aquí para leer la entrada en castellano!

PortaSigma keeps growing for you.  This time we present two new developments that might interest you:

First of all, we’ve modified the signatorie’s identification system to a new applet, which gets the following improvements:

  • We have minimized the weight of this component, so that the download occurs so quickly that it is nearly not time consuming
  • We have optimized the certificate’s filter system, so now we present them in a much comprehensible way for the user

With these changes, the recipients of your signing requests can access and operate in PortaSigma faster and more intuitively.

Secondly, following our international focus, we have adapted PortaSigma to the requirements of certificates from the following countries: Colombia, Estonia and Finland.

This is only the first step in our goal of covering the largest number of providers of certification services worldwide. Future versions will incorporate also certificates from other countries.

For now, as a new, can benefit from the advantages of PortaSigma, users of the following certificates:

  • Certicamara, Colombia
  • Identifier from SK (Certification Centre, legal name AS Sertifitseerimiskeskus), Estonia
  • Population Register Center, Certificate Services, Finlandia

We keep on making signature easier. If you have still not tried PortaSigma, do it now!

Román de Blas / rdeblas@isigma.es

Posted in Digital Signature Software | Tagged , | Leave a comment