E signature

1
E- signature E- payment, A view from Egypt
UNITED NATIONS ECONOMIC AND SOCIAL COUNCIL
ECONOMIC COMMISSION FOR AFRICA First Meeting of
the Committee on Development Information,
Science Technology (CODIST) Addis Ababa,
Ethiopia 28 April 1 May 2009

• Judge Dr. Ehab Elsonbaty
• Cyber Law Expert, Egypt
• ehabelsonbaty_at_hotmail.com

2
Topics of discussion

• E- finance.
• (E- BANKING.
• E-PAYMENT.
• E-MONEY.
• SMART CARDS.)
• Electronic signature.
• Legal challenges.
• Egyptian approach.
• Recommendations.

3
Why is cyber security crucial for Banking?

• Digital computers have changed the financial
  world, the same way the industrial revolution
  did.
• Financial institutions moved away from physical
  objects as the substance of commerce to
  INFORMATION.
• Possession and dissemination of information is
  the core of banks activity.

4
Why is cyber security crucial for Banking?2

• The challenge in front of the bank is How to
  have the identity and ability to provide
  guarantees, transport, record, exchange and
  settle electronic value data.
• As bank to bank or bank to customer(ATM,E-
  accounts, E-saving, Online credit card payment
  system, Electronic Payment based on Trusted Third
  Party (TTP), Digital Cash, M-Payment, Electronic
  billing presentment and payment,Freeing customers
  from the tyranny of paper)

5
Regulate or not to regulate, is this the question?

• The ability of the legislations of many states to
  govern computer activities properly is under
  question,
• Thanks to the rapid development of technology
  which cause new problems on a speed regular
  bases.

6
regulatory issues

• Common law approach
• Minimum regulations less litigations - Self
  regulations - Market leads
• Civil law approach
• Every thing is regulated - Not used to codes of
  conduct Implementation, Guidelines.

7
How does E-Finance challenges classical law
rules?

• Identity /person.
• Location.
• Material / property.
• Nationality.
• Time.
• Contract
• (capacity, formation, conclusion, warranties,
  paymentetc.)

8
Risks according to Basel committee 1

• OPERATIONAL RISK
• No enough security.
• Not adequate design.
• Customers abuse.
• REPUTATIONAL RISK
• Public opinion rise against a bank with a bad
  system can create a negative stereo type on other
  banks.

8
9
Risks according to Basel committee 2

• LEGAL RISK
• Abuse of laws specially those relating to money
  laundering, mutual obligations and electronic
  mediation.
• OTHER RISK
• Credit risks, interest rates, giving credit
  facilities to customers abroad which create a
  possibility that customers may not be able to pay
  their debits.

9
10
E-MONEY! 1

• By its decentralized, distributive nature,
  electronic money was supposed to have the same
  potential for transforming economic structure as
  personal computers did for overhauling management
  and communications structure .

11
ELECTRONIC MONEY 2

• Financial systems are emerging which allow
  economic value to be represented digitally by
  electronic patterns. This 'electronic money', or
  e-money, can be exchanged through the use of
  'smart cards' or over the Internet.
• Unlike stored value cards, e-money can pass
  immediately between the two transacting on-line
  parties, without the need for an intermediary
  (e.g., e-cash by DigiCash Inc.).
• The current situation for e-money thanks to money
  laundering and combating terrorism finance issues.

12
Smart cards

• What should be protected?
• The smart card itself?
• The design?
• Or the application on the card?
• Is minimum level of security is required to
  grant protection?

13
The Potential for money Laundering 1
14
The Potential for money Laundering 2

• The abuse of electronic banking by money
  launderers may become a significant problem in
  for two reasons
• transactions may become untraceable and
• transactions are incredibly mobile.
• Dilemma for the banks.

15
New trends in cyber crime!

• Relevant to banking operations.
• Phishing - Smishing.
• can erode the trust of customerscardholders and
  merchants
• We must be fully committed to protecting the
  system each and every day.
• Must employ multiple layers of security.

16
Secrecy Laws

• Review secrecy laws to determine the need for
  legislative, regulatory or other actions
• to Facilitate the sharing of financial
  institution records and related information
  between law enforcement agencies and regulatory
  authorities, and among governments .

17
Cryptography and Banking Application 1

• Cryptography (encryption) is particularly
  important to the growth of electronic Finance
  because it provides the means to ensure the
  authenticity, integrity and privacy of
  transactions and communications, providing the
  necessary security for the digital world.

18
Cryptography and Banking Application 2

• The inability to decrypt could well have a severe
  impact on the prevention, detection,
  investigation, and prosecution of crime, the
  ability to monitor security threats.
• It is for these reasons that arguments are made
  in favour of reasonable limits on the production,
  export, import and use of cryptography.

19
Situation in Egypt

• No e-banking law in, only a license of the
  central bank.
• Many applications in posts, telecom companies and
  e-government.
• need to enable electronic payments supporting
  various categories of merchants and service
  providers such as utility companies (telephone,
  natural gas, electricity, cable companies, petrol
  stations, etc.) healthcare service providers
  (hospitals, clinics, pharmacies, etc.) campuses
  of schools and universities supermarkets,
  grocery shops and food stores hotels and
  restaurants market places, shopping centers, and
  department stores etc.
• E-Government Program that aims at making
  governmental services available at the fingertips
  of the citizens, and hence requiring nation-wide
  e-payment services at outlets that offer
  government services.

20
Egypts competitive advantages

• Excellent Telecommunications infrastructure at
  low cost and country-wide availability.
• The local market for e-payment can be extended to
  cover hundreds of thousands merchants and
  service providers, thus making this venture very
  profitable from an investment point of view.
• Great opportunity to develop and export software
  for POS and e-payment devices running Arabic
  interfaces to the Arab region, making use of the
  highly skilled ICT professionals in Egypt.

21
Egyptian E - Law

• New digital signature law 15/2004 and the
  regulator (Information Technology Development
  Authority)
• An enabling law.
• Draft of e commerce legislation.
• Draft Law onRegulating the protection of
  Electronic Data and Information and Combating
  Crimes of Information
• E-payments?
• Data Protection Law.
• Recently a Consumer Protection Law was passed
  67/2006.
• Revision of international and regional commitment.

22
Overview of Electronic Signature Law 1

• WHAT IS AN ELECTRONIC SIGNATURE AND A DIGITAL
  SIGNATURE?
• Articles 14 18 explain the legal value of
  electronic writing and electronic signature, its
  weight of proof, its ability to prove obligations
  and rights.
• If the criteria are met the electronic writing is
  considered as the paper one and has the same
  weight of proof.
• The electronic document was also explained.
• The electronic signature will have the same proof
  evidence as traditional signature by giving
  credibility to the content of the electronic
  writing it is signed with.

23
Overview of Electronic Signature Law 2

• ARTICLE 18
• The electronic signature, electronic writing, and
  electronic documents shall enjoy their
  conclusiveness in providing evidence in case they
  fulfil the following conditions
• a) Linkage of the electronic signature
  exclusively with the signer
• b) Control of the signer exclusively on the
  electronic medium
• c) The possibility of uncovering any modification
  or replacement in the data of the electronic
  document or electronic signature
• The executive regulations of the present Law
  shall determine the technical and technological
  regulators necessary therefore.

24
Crimes punished by the Electronic Signature Law 1

• ARTICLE 23
• Subject to any stricter penalty prescribed in the
  Penal Code or in any other Law, a penalty of
  imprisonment and a fine of not less than ten
  thousand Egyptian pounds and not exceeding one
  hundred thousand Egyptian pounds or either
  penalty shall be inflicted on
• a) Whoever issues an electronic ratification
  certificate without obtaining a license for
  exercising the activity from the Authority

25
Crimes punished by the Electronic Signature Law 2

• b) Whoever damages or vitiates an electronic
  signature, a medium, or an electronic document,
  or fakes something of that by fabrication,
  modification, alteration or in any other way
• c) Whoever uses a vitiated or faked electronic
  signature, medium, or electronic document while
  being aware of this
• d) Whoever violates any of the provisions of
  articles (19, 21) of the present Law

26
Crimes punished by the Electronic Signature Law 3

• e) Whoever manages by any method to obtain
  without due right an electronic signature, a
  medium, or an electronic document, or penetrates
  that medium, obstructs it, or inactivates the
  performance of its function
• Whoever Violates article (13) of the present Law
  shall be liable to a fine penalty of not less
  than five thousand pounds and not exceeding fifty
  thousand pounds.

27
Crimes punished by the Electronic Signature Law 4

• In case of recidivism, the penalty prescribed for
  these crimes shall be doubled in its minimum and
  maximum limits.
• In all cases, the court shall rule the publishing
  of the conviction sentence in two daily
  widespread newspapers and on the open electronic
  information networks at the expense of the
  convict.

28
Crimes punished by the Electronic Signature Law 5

• Article 24
• The officer in charge of actual management of the
  violator juridical person shall be liable to the
  same penalties prescribed for the deeds
• committed in violation of the provisions of the
  present Law, if his default on the duties imposed
  on him by such management has contributed to the
  occurrence of the crime, while being aware of
  this.
• The juridical person shall be jointly responsible
  for executing the financial penalties and
  compensations awarded by the court, if the
  violation has been committed by one its workers
  in the name and the interest of the juridical
  person.

29
Recommendations 1

• A countrys success in the e- era will depend on
  its ability to participate in the global
  knowledge-based economy.
• The electronic marketplace will have to be
  governed by a clear set of rules, so that
  corporations, institutions and individuals can
  have confidence in doing business electronically.
  Ensuring the safety and reliability of the system
  will be crucial.

30
Recommendations 2

• There is a need for a comprehensive legal
  framework that covers Cyber crime, E- commerce,
  E- transactions and Electronic signature.
• Existing laws should be reviewed and modified
  according to the new technologies and
  applications.
• This is including but not limited to security
  public order- penal codes - consumer rights
  liability data protection money laundering
  secrecy laws.

31
Recommendations 3

• Public and private sectors entities should take
  their responsibilities
• Compliance.
• Investments in security.
• Exchanging information.
• Peering experiences and alerts.
• Spread the awareness between networks.
• Consulting with law enforcements.

32
E- signature E- payment, a view on Egypt_at_
THANK YOU FOR YOUR ATTENTION,ANY QUESTIONS?
UNITED NATIONS ECONOMIC AND SOCIAL COUNCIL
ECONOMIC COMMISSION FOR AFRICA First Meeting of
the Committee on Development Information,
Science Technology (CODIST) Addis Ababa,
Ethiopia, 28 April 1 May 2009

• Judge Dr. Ehab Elsonbaty
• Cyber Law Expert, Egypt
• ehabelsonbaty_at_hotmail.com