Friday, July 8, 2011

Eight Rules of E-Filing: Rule #2

Rule Number 2: User authentication must be designed into the overall e-filing solution.

For too long court E-filing has been generally limited to civil case matters.  This is perfectly understandable from a legal viewpoint since the parties and/or court can simply agree to its use.  But today we should design E-filing systems to deal with all case types such as criminal and juvenile that has a decidedly greater need for user verification.

Earlier this year I posted an article on “Trust and E-Filing” here on the CTB.  But there are some additional issues that can be discussed on this topic.

First, the US Department of Justice “Global” data sharing initiative has delved into this issue through their Global Federated Identify and Privilege Management (GFIPM) working group.  The introduction to their standards work states:

Achieving information sharing objectives requires that partners establish wide-scale electronic trust among the caretakers of critical information and those who need and are authorized to use that information.  The information is sensitive-inappropriate sharing is just as dangerous as lack of sharing. That is where a new and rapidly maturing technology called federated identity comes in.  Federated identity allows a user's roles, rights, and privileges to be communicated securely in the justice community and, in particular, to those who hold the information required to effectively safeguard our nation.

The Global Federated Identity and Privilege Management (GFIPM) framework provides the justice community and partner organizations with a standards-based approach for implementing federated identity...  The GFIPM metadata and framework support the following three major interoperability areas of security in the federation:

  • Identification/Authentication - Who is the end user and how were they authenticated?
  • Privilege Management - What certifications, clearances, job functions, local privileges, and organizational affiliations are associated with the end user that can serve as the basis for authorization decisions?
  • Audit - What information is needed or required for the purposes of auditing systems, systems access and use, and legal compliance of data practices?

As GFIPM states “’Federation’ is a fundamental concept”.  In other words, the goal should be that the users of one system would be “trusted” in their identity, and also in their “roles” as information providers and access, will be trusted by other systems in the federation.  This is especially difficult in the USA where the governmental organizational structure was designed about the concept of “separation of powers”.  Thus it is no surprise that inefficiencies in data sharing (in this case E-filing) occur since it was designed that way.

Now extend these concepts to the entire legal community and in turn to all citizens and you have one huge problem to solve.  This is such a huge issue that it has been addressed in the “National Strategy for Trusted Identities in Cyberspace: Creating Options for Enhanced Online Security and Privacy” that was released in June, 2010 by President Obama of the USA.

Now at this point in most articles I usually try to make a recommendation for action or a potential solution.  The two efforts listed above are a beginning; and there are numerous other efforts underway to create a “digital identity”.   The requirements are there and it is clearly resulting in E-filing adoption issues.  However at this point in time I think we have to wait to see what develops.

No comments:

Post a Comment