Bezpečnostné riziká spojené s elektronickým podpisovaním - legislatívne návrhy

Vzhľadom na bezpečnostné riziká spojené s kvalifikovaným elektronickým podpisom a pečaťou je potrebné vypustiť z Občianskeho zákonníka toto ustanovenie:

par. 40.5
Na právne úkony uskutočnené elektronickými prostriedkami, podpísané zaručeným elektronickým podpisom alebo zaručenou elektronickou pečaťou a opatrené časovou pečiatkou sa osvedčenie pravosti podpisu nevyžaduje.

Stačí nám nariadenie eIDAS, ktoré jasne definuje, že kvalifikovaný podpis je ekvivalentom vlastnoručnému podpisu. Nemusíme robiť z epodpisu niečo čím nie je.

A čo sa tým vyrieši ?

Kvalifikovaný podpis sa nebude dať použiť automaticky na sprísnené úkony, úprava sa konečne zosúladí s eIDASom.

Elektronický podpis bude iba ekvivalentom vlastnoručného podpisu, nie ekvivalentom osvedčeného podpisu.

kde konkretne je tato slovenska uprava v rozpore s nariadenim EIDAS ?

Veď ale to môžeme používať aj naskenovaný podpis a máme to to isté. Právne spomínaná právna úprava dovoľuje podpis využívať ďaleko viac a komunikovať so štátnou správou prakticky plne elektronicky (ak si odmyslíme aktuálne medzery v službách). Skôr by sa to malo diferencovať podľa dôležitosti a isté úkony neumožniť vykonať len podpísaním prostredníctvom ZEP/KEP (napr. prevod nehnuteľnosti). U nás je skôr problém to, že na väčšinu úkonov sa vyžaduje overenie u notára bez ohľadu na dôležitosť a potrebu.

Ach jo, toto si tu @ius navrhoval už asi 10 krát. Keď to myslíš vážne, určite máš zhromaždené informácie o škodách, ktoré už nastali za tých 15 rokov čo to v ObZ je. Alebo aspoň o sporoch, ktoré prebehli. Rád si to pozriem.

Co znamena “zosuladit s eIDASom” ? Ked eidas hovori, ze KEP je ekvivalentom vlastnorucneho podpisu, tak nic nebrani narodnej uprave povedat, ze je ekvivalentom osvedceneho podpisu.
Podla mna rusenie prislusneho ustanovenia obcianskeho zakonnika by bolo skor na skodu ako na uzitok a bola by to zbytocne hystericka reakcia, najma ak nie je jeden jediny pripad zneuzitia.

A ked si mam porovnat pravdepodobnost toho, ze niekto sa zmocni tvojho obcianskeho a pojde k notarovi overit akoze tvoj podpis a podari sa mu to s tym, ze niekto niekde zozenie public cast tvojho 3072 bitoveho RSA kluca a refaktoruje z neho tvoj privatny kluc a zneuzije ho, tak myslim, ze je zjavne, co je jednoduchsia cesta

Poznám prípady, kedy na základe vlastnoručného podpisu boli úkony vyhlásené za neplatné.

Zatiaľ nepoznám prípad, kedy bol úkon spísaný u notára vyhlásený za neplatný. Ak by bol, notár by mal veľký problém.

Pri osvedčovaní podpisu u notára alebo na obci vlastnoručne podpisuješ aj osvedčovaciu knihu + podpisuješ pred notárom samotnú listinu. Opäť podpis môže byť predmetom znaleckého dokazovania písmoznalcom. Tie dristy, že na osvedčenie podpisu stačí, že sa niekto na občianskom trochu podobá sú hodné hádam iba ministranvnútra.

U elektronického podpisu túto možnosť nemáš. Dokonca nemáš de facto ani len možnosť namietať, lebo si v dôkaznej núdzi. Takže elektronický podpis by mal byť iba ekvivalentom vlastnoručného.

Ze nebol vyhlaseny za neplatny neznamena, ze nebol ziaden falsovany…len sa to proste nedokazalo.

toto je pravda, ale stale to nic nezarucuje…

ale asi je to stale jednoduchsie ako refaktorovat 3072 bitovy kluc…

100% bezpecnost nikdy nedosiahnes, otazka je len to, ci je zbytkove riziko akceptovatelne…
Ked chceme robit elektronizaciu, tak nejaku mieru rizika musime zniest.

Je bezpecne ziadat od ludi pisat si piny od svojho zaruceneho elektronickeho podpisu na papier a odniest si ich domov?

Zoznam sprísnených úkonov, ktoré nemôžeš podpísať elektronickým podpisom @MarekK

Napríklad v Estónsku zápis a prevod nehnuteľností trvá 65 dní a zverejňuje sa vo vestníku, prevod nehnuteľnosti musíč vlastnoručne podpísať

Nikto v Európe nemá právnu úpravu, ktorú máme my.

Česká republika

Use Cases That Are Not Typically Appropriate for Electronic Signatures or Digital Transaction Management
Use cases that are specifically barred from digital or electronic processes or that include explicit requirements, such as handwritten (e.g. wet ink) signatures or formal notarial process that are not usually compatible with electronic signatures or digital transaction management.

Handwritten - agreements on purchase or transfer of real estate (Section 560 of the Civil Code in connection with Section 62 (1) of Regulation No. 357/2013 Coll., on Cadastre Register, as amended)
Handwritten - mortgage agreements with respect to real estate registered in the Cadastre Register (Section 560 of the Civil Code in connection with Section 62 (1) of Regulation No. 357/2013 Coll., on Cadastre Register, as amended)
Formal notarization - certain contracts governed by family law, such as contract on matrimonial property regime (including so called prenuptial contracts) (Section 716 of the Civil Code)
Formal notarization - certain contracts on pledge of movables, contracts on pledge of enterprise and mortgage contracts with respect to real estate not registered in the Cadastre Register (Section 1314 (2) of the Civil Code)
Formal notarization - certain instruments of inheritance law such as inheritance contracts (Section 1582 (2) of the Civil Code), inheritance sales (Section 1714 (3) of the Civil Code), renunciation of succession right (Section 1484 of the Civil Code), contract of inheritance alienation (Section 1714 of the Civil Code), selection of an administrator of the decedent’s estate (Sec. 1556 of the Civil Code)
Formal notarization - certain instruments of corporate law such as Memorandum of Association/Foundation Deed of a limited liability company and a joint stock company (Section 8 (1) of Act No. 90/2012 Coll., on Business Corporations and Cooperatives, as amended)
Formal notarization - certain instruments relating to foundations/endowment funds, such as foundation deed of an foundation (Section 309 of the Civil Code), contract on merger by acquisition of a foundation (Section 383 of the Civil Code), decision to change the legal form of a foundation to an endowment fund (Section 391 of the Civil Code)
Formal notarization - articles of association of unit owners (Section 1200 of the Civil Code)
Formal notarization - legal act of an individual who cannot read and write (subject to certain exceptions) (Section 563 of the Civil Code)
Formal notarization - personal declaration of a member of a family enterprise waiving his/her right to a share in its profits (Section 701 of the Civil Code)
Formal notarization - by-laws of a trust (Section 1452 of the Civil Code)
Contracts on marriage property regime
Inheritance contracts and inheritance sales
Memorandum of Association/Foundation Deed of a limited liability company and a joint stock company

Estónsko

Use Cases That Are Not Appropriate For Electronic Signatures
Use cases that are specifically barred from digital or electronic processes or that explicitly require handwritten (e.g. wet ink) signatures or formal notarial process.

Formal notarization - certain minutes of shareholder meetings, e.g., when decisions are passed regarding election of management or supervisory board members or takeover of minority shareholding (Commercial Code Art. 174 Sect. 4.1 and 6 and Art. 304 Sect. 7 and Art. 305 Sect. 1 and Art. 363.7 Sect. 2)
Formal notarization - consent of a trademark owner for use of trademark in a business name (Commercial Code Art. 12 Sect. 3)
Formal notarization - applications submitted to certain public registers such as Commercial Register or Land Register and power of attorneys issued for signing of such applications (Commercial Code Art. 32.1 Sect. 1; Land Register Act Art. 34 Sect. 2.1)
Formal notarization - foundation agreement or foundation resolution of a limited liability company, merger and division agreements of limited liability companies, as well as power of attorneys issued for signing of the said documents (Commercial Code Art. 32.1 Sect. 2)
Formal notarization - transfer or pledge agreements of shares of private limited liability companies provided that the shares are not registered in the Central Register of Securities (Commercial Code Art. 149 Sect. 4, Art. 151 Sect. 2)
Formal notarization - transactions with real property (Law of Property Act Art. 64.1, Art. 119 Sect. 1, Art. 120 Sect. 1)
Formal notarization - inheritance agreements (Inheritance Law Act Art. 100)
Formal notarization - marital property contracts (Family Law Act Art. 60)
Formal notarization - maintenance contracts between dependents and maintenance providers (Law of Obligations Act Art. 573)
Formal notarization - trademark pledge agreements (Trademark Act Art. 50.6 Sect. 2)

Use Cases That Are Not Typically Appropriate for Electronic Signatures or Digital Transaction Management
Use cases that are specifically barred from digital or electronic processes or that include explicit requirements, such as handwritten (e.g. wet ink) signatures or formal notarial process that are not usually compatible with electronic signatures or digital transaction management.

Poľsko

Handwritten – intellectual property transfers, including industry property laws such as the right to obtain a patent for an invention, protection for a utility model, and a right in registration of an industrial design (art. 12 § 2 of the Industrial Property Law) and copyrights (art. 53 of the Copyright Act)
Notarization - real property transactions (art. 158 of the Civil Code)
Handwritten or notarization - depending on the subject of the security
Handwritten or notarization - family law documents, such as wills, marriage contracts (art. 1 Polish Family and Guardianship Code), inheritance contracts (art. 950, art. 981 (1)) and (art. 1037 para. 2 Civil Code), contracts waiving inheritance (art. 1048/1049/1050 Civil Code), and inheritance sales (art. 1052 para 3 Civil Code)
Notarization - articles of incorporation for certain entities, including limited partnership (art. 106), partnership limited by shares (art. 131), limited liability company (art. 157 § 2) and joint-stock company (art. 301 § 2 of the Commercial Companies Code)
Notarization - assignment of shares or transfer or lease of an enterprise or the establishment of usufruct on it (art. 75 (1) Civil Code).
Handwritten - corporate shareholder resolutions
Handwritten - appointment and removal of corporate officers and directors
Handwritten - all decisions issued by the (government) administration (art. 14 of the Administrative Procedure Code)

Nemecko

Notarization - contracts to purchase or transfer real property (Sec. 311b para. 1 German Civil Code)
Handwritten - contracts of surety (Sec. 766 para. 1 sent. 2 German Civil Code)
Handwritten – standalone promise to fulfill an obligation (Sec. 780 sent. 2 German Civil Code)
Notarization - domestic/family related acts, including marriage contracts (Sec. 1410 German Civil Code)
Notarization - contracts of inheritance, contracts waiving inheritance (Sec. 2348 German Civil Code), inheritance sales (Sec. 2371 German Civil Code)
Handwritten - acknowledgement of debt (Sec. 781 sent 2 German Civil Code)
Handwritten - certain HR documents, such as termination notices (Sec. 623 German Civil Code) or agreements for lending employees or employment contracts that are limited in duration
Handwritten - reference letter regarding performance under a service contract (Sec. 630 sent. 1 German Civil Code provides for a statutory entitlement for employees)
Notarization - articles of incorporation of a company with limited liability (Sec. 2 para. 1 and Sec. 15 para. 3 Act on Limited Liability Companies)
Notarization - assignment of shares of a company with limited liability (Sec. 2 para. 1 and Sec. 15 para. 3 Act on Limited Liability Companies)

Francúzsko

Handwritten and paper - family related acts, including wedding contracts, acts of adoption, acts related to inheritance law
Paper - private deeds governed by family law and the law of succession (article 1175 FCC)
Paper - private deeds related to real or personal surety of a civil or commercial nature except those entered into by a person for their professional needs (article 1175 FCC)
Notarization - contracts of commercial lease exceeding 12 years, as well as any transaction subject to publication of landed property (article 4, Decree no. 55-22 and article 28, Decree no. 71-941)
Notarization - contracts to purchase or transfer real property (article 4, Decree no. 55-22 and article 28, Decree no. 71-941)
Notarization - contracts of mortgage (article 2416 FCC)
Handwritten and paper - human resource benefits agreements (article D2231-2 French Labour Code)
Formal notice via a registered letter with acknowledgement of receipt - termination of employment agreement (article L1232-6 French Labour Code)
Formal notice by a judicial officer (in French, “signification”) or deposit of the assignment to the corporation’s seat with an acknowledgement of deposit -assignments of shares relating to some types of corporations (article L221-14, L222-2, L223-17 French Commercial Code)

Aj keby sme chceli byt velmi opatrni…(to ze su opatrni inde este neznamena, ze to je spravne), tak by bolo treba urobit upravu predpisov v tom smere, ze KEPom je mozne podpisat vsetko, okrem konkretnych ukonov pri ktorych to vylucuje osobitny predpis.
Cesta vyhodit jeden odsek z OZ nie je systemove opatrenie…

Mas aj nas zoznam?

Náš zoznam je obdobný, čo sa týka listinných ukonov, ako sú zoznamy uvedené vyššie (kataster, prevody, obchodné spoločnosti, dedičské). ale ustanovenie § 40.5 OZ a zákon eGov prelamuje tento zoznam v elektronickom svete. úkony ktoré sa z povahy nemôžu vykonať elektronicky sa tiež nedajú podpsiovať KEPom.

Katastránlny zákon

§ 23
(1) Náležitosti elektronického podania sú rovnaké ako pri písomnom podaní. Pri elektronickom podaní sa podáva jeden rovnopis návrhu a jeden rovnopis príloh.
(2) Pri elektronickom podaní musia byť všetky prílohy podané v elektronickej podobe a podpísané zaručeným elektronickým podpisom; ak sa v písomnom podaní vyžaduje osvedčený podpis, v elektronickom podaní mu zodpovedá zaručený elektronický podpis opatrený časovou pečiatkou.7a)

§30
(5) Prílohou k návrhu na vklad je zmluva, na ktorej základe má byť zapísané právo k nehnuteľnosti do katastra, v dvoch vyhotoveniach. Ďalšími prílohami sú:
a) verejná listina alebo iná listina, ktorá potvrdzuje právo k nehnuteľnosti, ak toto právo k nehnuteľnosti nie je vpísané na liste vlastníctva,
b) identifikácia parciel, ak vlastnícke právo k nehnuteľnosti nie je vpísané na liste vlastníctva,
c) geometrický plán, ak sa pozemok rozdeľuje alebo zlučuje alebo pri zriadení vecného bremena k pozemku,
d) dohoda o splnomocnení, ak je účastník konania zastúpený splnomocnencom; podpis splnomocniteľa musí byť osvedčený, ak sa osvedčenie podpisu vyžaduje podľa § 42 ods. 3,
e) oznámenie podľa odseku 3 v papierovej podobe.
(6) Okresný úrad na návrhu na vklad vyznačí dátum, hodinu a minútu doručenia návrhu na vklad.

§ 42
(3) Podpis prevodcu na zmluve, podpis povinného z predkupného práva, podpis povinného v prípade vzniku vecného bremena alebo podpis oprávneného v prípade zániku vecného bremena na zmluve, podpisy spoluvlastníkov na zmluve o zrušení a vyporiadaní podielového spoluvlastníctva alebo pri vyporiadaní bezpodielového spoluvlastníctva manželov musia byť osvedčené podľa osobitných predpisov;10a) ak sú tieto osoby zastúpené, ich podpis na splnomocnení musí byť tiež osvedčený. To neplatí, ak je účastníkom zmluvy štátny orgán, Fond národného majetku Slovenskej republiky, Slovenský pozemkový fond, obec alebo vyšší územný celok alebo ak ide o zmluvu o prevode nehnuteľnosti vyhotovenú vo forme notárskej zápisnice alebo autorizovanú advokátom.

Nuž zasa naopak treba povedať, že požiadavky ako boli od začiatku v SR na ZEP nie sú inde v EÚ bežné. Napr. v ČR som si kľúče/cert pre “uznávaný elektronický podpis” v pohode vytvoril na USB kľúči, u nás bolo vždy povinné SSCD (hw zariadenie, v ktorom sú kľúče generované a privátny kľúč ho nikdy neopustí).

…keď už cituješ z docusign, daj aj príklady krajín kde skoro všetko pomocou QES možné je

Belgicko:

contracts that create or transfer rights in real estate (except leases) (Article XII.16 of the Economic Law Code)
contracts requiring by law the involvement of courts, public authorities or professions exercising public authority (i.e., public/authentic deeds, notably entered into before a notary) (Article XII.16 of the Economic Law Code)
contracts of suretyship granted involving collateral securities furnished by persons acting for purposes outside their trade, business or profession (Article XII.16 of the Economic Law Code)
contracts governed by family law or by the law of succession, such as matrimonial contracts or wills (Article XII.16 of the Economic Law Code)
author rights’ transfers or licenses subscribed by the original rights’ holder.

Čína

Handwritten - commercial and residential leases (must be registered with an agency that only accepts handwritten signatures)
Handwritten – certain family law documents, including those pertaining to marriage, adoption, and succession
Handwritten – pledges and mortgages (must be registered with an agency that only accepts handwritten signatures)
Handwritten – corporate documents that must be registered (must be registered with an agency that only accepts handwritten signatures)
Handwritten – intellectual property registrations (must be registered with an agency that only accepts handwritten signatures)
Notarization - real property transfer contracts

Dánsko
Notary - certain wills (section 63 of the Danish Inheritance Act) (“Arveloven”)
Registered in the Danish Register of Persons - marriage contracts (sections 35 and 37 of the Danish Legal Effects of Marriage Act) (“Retsvirkningsloven”)
Registered in Danish Land Register - certain contracts regarding transfer of rights relating to real property, in order for the contract to be “protected” against creditors and other contracting parties (section 7 of the Danish Land Registration Act) (except lease contracts and other contracts related to real estate, which can be signed validly via any form of electronic signature)
Registered in the Danish Register of Persons - certain contracts regarding transfer of personal property, in order for the contract to be “protected” against creditors and other contracting parties (sections 42c, 42d, 42i and 43 in the Danish Land Registration Act)
Paper/Handwritten - certain forms of termination notice regarding residential lease agreements (sections 4, 87 and 93, subsection 2 in the Danish Rent Act) (“Lejeloven”)

Izrael:
Notarization or handwritten - wills, inheritance orders, including memorandums of understanding and orders with respect thereto
Notarization or handwritten - powers of attorney
Notarization or handwritten - notary confirmations
Notarization or handwritten - certain documents with respect to adoption and surrogacy
Notarization or handwritten - most corporate documents
Notarization or handwritten – affidavits

Taliansko:
Formal notarization - contracts to purchase or transfer real property, or rights relating to it (Sec. 1350, Italian Civil Code)
Formal notarization - certain contracts disposing of corporate assets (Sec. 1350, Italian Civil Code)
Formal notarization - settlement agreements relating to disputes over the transfer of real property or disposal of corporate assets (Sec. 1350, Italian Civil Code)
consumer loan agreements

Spojené kráľovstovo:
Handwritten – various lease documents, including leases of 3+ years, deed of variation of lease, lease surrenders, and deeds ancillary to leases (e.g. rent deposit deeds, licenses to alter, assign or underlet)
Handwritten – real property documents submitted for registration with Land Registry and Land Charges Registry, including deed of transfer of title, application for adverse possession, legal mortgage/charge, release of legal mortgage/charge, deed of easement, deeds of variation
Handwritten – documents for HM Revenue and Customs, where stamp duty is payable
Handwritten - some documents such as company accounts to be registered with Companies House outside its web-filing service
Handwritten – various family law documents, including prenuptial agreements, separation agreements, deeds of variation, deed of disclaimer

Singapur:
Handwritten - wills
Handwritten - negotiable instruments
Handwritten - documents of title
Handwritten - bills of exchange
Handwritten - promissory notes
Handwritten - consignment notes
Handwritten - bills of lading
Handwritten - warehouse receipts or any transferable document or instrument that entitles the bearer or beneficiary to claim the delivery of goods or the payment of a sum of money
Handwritten - the creation, performance or enforcement of an indenture
Handwritten - declaration of trust or power of attorney
Handwritten - any contract for the sale or other disposition of immovable property (except implied, constructive and resulting trusts), or any interest in such property or the conveyance of immovable property or the transfer of any interest in immovable property

Spojené štáty americké:
Use Cases That Are Not Typically Appropriate for Electronic Signatures or Digital Transaction Management
Use cases that are specifically barred from digital or electronic processes or that include explicit requirements, such as handwritten (e.g. wet ink) signatures or formal notarial process that are not usually compatible with electronic signatures or digital transaction management.

Wills, codicils, and testamentary trusts
Adoption, divorce agreements
Court orders or notices, or official court documents
Contracts or Documents governed by the Uniform Commercial Code (“UCC”)
Notices of default, acceleration, repossession, foreclosure, or eviction regarding primary residence
Termination of health or life insurance benefits
Health or safety recall or material failure notices of a product
Documentation for transportation or handling of hazardous or toxic materials

Ja fakt nechapem ako moze mat vlastnorucny podpis bezpecnejsie vlastnosti ako elektronicky. Ked nahodou nieco podpisujem v banke, NIKDY to nesedi s podpisovym vzorom, k slecne za okienkom sa postupne prida veduca, niekedy pride aj riaditelka pobocky, podpisem sa aj 5x (vzdy trocha inak), a nakoniec to teda s neistym usmevom uznaju. To je akoze bezpecnejsie ako KEP?

A to v o pomarancoveho operatora, ked sa podpisuje na sklo je to este horsie. Ten ich algoritmus je dost tolerantny takze staci aby sa to ako tak podobalo.
A taketo scanovane podpisove vzory nemaju este jednu podstatnu vlastnost ‘analogoveho’ podpisu, tlak pera.

Podlozky pre grafikov tuto vlastnost maju, takze mozno aj v Pomaranci ich pouzivaju. Pekna databaza odhadom miliona podpisov…

a este chyba ake skutocne rizika sa vyskytuju a co je vysledok uspesneho lobingu notarov.