Digital Evidence and Electronic Signature Law Review

Editorial

Stephen Mason — 2022-10-10

Revising the Saudi Electronic Transactions Law on E-Signatures

Oways Kinsara — 2021-12-06

Acknowledging the ever-increasing significance of the Kingdom of Saudi Arabia in the global e-commerce market, this article critically examines the e-signature regime of the 2007 Saudi Electronic Transactions Law and its implementing regulation. In doing so, it considers the evolution of the European regime on e-signatures, from Directive 1999/93/EC to Regulation (EU) No 910/2014 (the eIDAS Regulation). The article primarily concludes that the Saudi legislature’s approach to e-signatures has been overly restrictive and calls for different, permissive and careful consideration.

Index words: Electronic signature, e-commerce, e-transactions, Saudi Arabia, European Union, eIDAS Regulation, comparative analysis.

Scandal at the Post Office

Paul Marshall — 2022-01-11

The Post Office Horizon scandal in the United Kingdom, possibly the most extensive miscarriage of justice in English legal history, was caused by a number of interrelated factors. These include: the legal presumption that computers are reliable; the unwillingness and failure of judges to order appropriate and necessary disclosure of documents by the Post Office, where required to ensure fairness at trial; the unethical conduct by the board and management of the Post Office; failure by government – the Post Office’s owner, and questionable litigation strategies adopted by the Post Office’s lawyers.

Index words: Post Office; Horizon IT system; disclosure; discovery; electronic evidence; ethics; politics

Electronic Execution of Documents Interim Report

Mark King — 2022-02-28

An Industry Working Group set up by a public appointments competition has recently produced Electronic Execution of Documents Interim Report via the Ministry of Justice. The Law Commission dealt with this issue in 2019 in Electronic execution of documents (Law Com No 386, HC2624) and it was suggested that uncertainties may have influenced the degree of confidence of users. The aim of this article is to provide a critical analysis of the Interim Report and its uncritical acceptance of the suggestion.

Index words: Ministry of Justice; England & Wales; electronic execution; electronic documents; electronic signatures; recommendations

The Post Office IT scandal – why IT audit is essential for effective corporate governance

James Christie — 2022-03-26

The Post Office Horizon scandal is possibly the most serious corporate failure in the United Kingdom in living memory, and possibly for more than a century. This is because of its disastrous consequences for hundreds (perhaps thousands) of individuals who were wrongly prosecuted by the Post Office and who lost their livelihoods, and often their homes, on the basis of incomplete and misleading evidence from its Horizon computerized accounting system. That corporate failure has given rise to the most extensive miscarriage of justice in English legal history, with an unprecedented number of wrongful convictions now in the process of being reversed.The Post Office Horizon scandal had many features and causes, but a significant contributory failure was that of corporate governance. There were many warning signs over the years, which should have been acted upon by Post Office Internal Audit and in particular, by specialist IT auditors. The evidence is clear that the Post Office failed to live up to its commitment to corporate governance, and that this failure was neither detected nor acted upon by the government, if civil servants and ministers were aware of the failure, until too late. An effective IT audit function would have contributed significantly to a prevention of the scandal.

Index words: Post Office, Horizon, Fujitsu, IT audit, internal audit, corporate governance, Three Lines of Defence, Institute of Internal Auditors, IIA, AICPA, IAASB, SSAE 16, SSAE 18, ISAE 3402, SAS 70, ISAE 3000, SOC-1, SOC-2, SOC-3, Trust Services Criteria, processing integrity, Justice for Subpostmasters Alliance, Ernst & Young

Assigning IACS cybersecurity responsibility conformant with the UK Network and Information Systems Regulations 2018

Peter Bernard Ladkin — 2022-05-10

Industrial plants constituting a society’s critical infrastructure, for example electricity-generation and water-supply, contain industrial automation and control systems (IACS). IACS nowadays increasingly contain many digital-electronic components whose behaviour is software-controlled. Amongst engineered artifacts, software and thus software-controlled systems are particularly susceptible to functional weakness (‘bugs’ and ‘vulnerabilities’). Such weakness can be exploited by nefarious parties (‘hackers’) to disrupt the critical operation of the plant; a phenomenon called cyber-insecurity whose contrary, cybersecurity, refers to the resistance of the plant to such exploitation. The UK Network and Information Systems Regulations 2018 SI 2018 No. 506 (NIS Regulations) address the cybersecurity of systems within the critical infrastructure, establishing response and reporting requirements for cybersecurity incidents. In January 2022, Her Majesty’s Government issued a call for comments on enhancing the NIS Regulations, following a 2020 review. We derive here detailed organisational reporting and response requirements based on a computer-scientific understanding of the engineering issues, in an environment which includes a central vulnerability-reporting organisation (ICS-CERT, now part of US CISA (CISA, no date), or cyber security incident response team (CSIRT)) as required under the NIS Regulations.

Index words: IACS, ICS, cybersecurity, responsibility, safety, software, vulnerabilities, organisational responsibility, duties, mandate.

Implementing the electronic signature law in Tanzania – successes, challenges, and prospects

Ubena John — 2022-10-10

Abstract

In a bid to implement the Electronic Transactions Act 2015, Tanzania initiated the adoption of a National Public Key infrastructure (PKI) framework. However, the plan has not been executed as expected because of certain gaps and ambiguities in the laws. This article examines the existing laws providing for the legal validity, admissibility and enforceability of electronic signatures especially using PKI; identifies the weaknesses of the existing laws and recommends new laws relevant to PKI that should be considered, and their rationale.

Index words: Tanzania, electronic signature, PKI, cryptography, certification

Practitioner Note

Árpád Geréd — 2022-10-10

Árpád Geréd and Alexandra Prodan discuss a recent case regarding the use of electronic signatures in procurement between jurisdictions. The failure to understand such details when tendering between jurisdictions almost caused a public tender worth € 3 billion to fail.

Index words: Austria; Switzerland; signature procurement requirements; qualified electronic signature

Electronic signature law update

Avukat Özgür Eralp — 2022-10-10

Avukat Özgür Eralp provides an up-date to the electronic signature laws of Turkey, setting out the full history of electronic signature legislation and recent legislative developments.

Index words: Turkey; electronic signatures; legislation; update

Briefing Note

Nicholas Bohm — 2022-10-10

Abstract

The presumption that computers are reliable in England and Wales is proved to be wrong. Nicholas Bohm, James Christie, Peter Bernard Ladkin, Bev Littlewood, Paul Marshall, Stephen Mason, Martin Newby, Steven J. Murdoch, Harold Thimbleby and Martyn Thomas CBE

Index words: England and Wales; presumption computers are reliable; proposal to rectify

Book Reports

Stephen Mason — 2022-10-10

Book Reports

General Editors and Editorial Board

Stephen Mason — 2022-10-10

General Editors and Editorial Board

PhD Research in process

Stephen Mason — 2022-10-10

PhD Research in process

PhD Completed

Stephen Mason — 2022-10-10

PhD Completed

Ismay Report

Stephen Mason — 2022-10-10

Horizon – Response to Challenges Regarding Systems Integrity (Post Office Limited, 2 August 2010)