Friday, July 6, 2012

12-07-06 ComSign - a legitimate electronic signature certifier for the State of Israel, or a large-scale con on the People by the government of the State of Israel?

ComSign is a private corporation, which was established through a dubious process as the only certifying authority for electronic signatures, which is recognized by the State of Israel.  ComSign issues certificates of authenticity.  However, to this date, after reviewing thousands of judicial records and other legal public records of the State of Israel, a single visible certificate is yet to be discovered. At least one browser (Mozilla) is documented refusing to recognize ComSign certificates, for failure to produce audit records.  The evidence discovered to this date, does not enable one to discern: Is ComSign a legitimate electronic signature certifier, or a large-scale con on the People by the government of the State of Israel?  In effort to resolve the dilemma, sample digital certificates were requested from both ComSign and the Ministry of Justice of the State of Israel. The responses hold particular significance to Human Rights and banking regulation in the State of Israel.
[] []

VIEW as PDF: http://www.scribd.com/doc/99356477/
As part of efforts to discern the nature of ComSign, LTD, and its conduct as sole certifying authority for the State of Israel, Joseph Zernik, PhD, of Human Rights Alert (NGO), has filed requests with the Ministry of Justice of the State of Israel [1] and ComSign, LTD, [2] for sample certificates of electronic signatures, pursuant to theElectronic Signature Act (2001).  The Administration of Courts, which operates the electronic record systems of the courts, refuses to answer on any Freedom of Information requests on this matter, with no legal foundation. [3]
Little noticed, unannounced regime change took place in Israel in the early 2000s with the passage and implementation of the Electronic Signature Act (2001), the new Regulations of the Courts -  Office of the Clerk(2004), and the concurrent implementation of new electronic record systems in the courts of the State of Israel: [3]

  • The Electronic Signature Act (2001) established certified digital signatures for State officers and attorneys appearing in courts, and prescribed that a Magistrate Judge be appointed by the Minister of Justice, holding the office of "Registrar of Certifying Authorities", to oversee the implementation of the database of certified digital signatures.  However, Freedom of Information response by the Ministry of Justice states that no individual was appointed for a full decade, until 2011, to hold that office.  Regardless, individuals falsely appeared in the intervening years as "Registrar of Certifying Authorities" and conducted business on behalf of that office, promulgated guidelines, filed annual reports with the legislature (Knesset) and engaged in enforcement, all with no lawful authority. Through such conduct, ComSign, LTD, was established as the sole certifying authority of electronic signatures for the State of Israel.  With it, the digital seal of the State of Israel was effectively hijacked. [4]
  • New electronic record systems were concurrently implemented in the courts of the State of Israel.  The 2010 State Ombudsman's Report 60b [5] documents that the systems were developed and implemented in violation of State law and regulations:
    • The systems were developed with no specifications
    • Development of the systems was delegated to corporations with no bidding (US-based corporations, IBM and EDS, were involved in this project)
    • Development was conducted with no core supervision by State employees
    • The systems were received with no independent testing by the State client.
    • The servers, holding the records of the courts of the State of Israel were removed to corporate grounds, and are not under State control. 
  • The Regulations of the Court - Office of the Clerk (2004) were amended in 2005, in conjunction with implementation of the new electronic record systems in the courts. The amendment permitted the Director of Administration of Courts to modify the Regulations as necessary in the process of implementing the systems. [5]  The Director of the Administration of Courts has never published the modification that were introduced in the Regulations under such authority, and the Administration of Courts refuses to answer on any Freedom of Information requests, pertaining to the electronic record systems. [3]
During the relevant period (2001-2012), seven (7) different individuals, affiliated with various political parties, served as Justice Ministers of the State of Israel: Meir Shitrit, Yosef Lapid, Tzipi Livni, Haim Ramon, Ehud Olmert, Daniel Friedman, and Yaakov Neeman. [14]

One of the notable features of the new electronic record systems is neither a single visible certified digital signature, pursuant to the Electronic Signature Act (2001), nor a single certified server has been discovered in recent review of thousands of public legal records.  [4]  All decisions of the Supreme Court are now published as electronic record, unsigned and uncertified, subject to "editing and phrasing changes", and the Supreme Court refuses to duly serve its decisions on parties to litigation. [3]
In parallel, the Human Rights Alert (NGO) 2012 report [3] documents the proliferation of simulated records in the Supreme Court of the State of Israel, conduct of simulated review of cases before the court, [6] and fraud in certification of decisions of Supreme Court by the Chief Clerk of the Supreme Court. [9] Falsification of records in the District Court in Tel Aviv was documented by the Israel Bar Association [8], and falsification of records in the Detainees Courts was reported by Haaretz daily. [10]
Separately, the Administration of Courts denied a Freedom of Information request for the appointment records of the Chief Clerk of the Supreme Court, claiming that is was a "record of internal deliberation." [9]
Several individuals, appearing under various titles,  were central to the fraud in implementation of the Electronic Signature Act (2001):
1) Meir Shitrit
2001-3 - Minister of Justice,  signed Electronic Signature Act (2001) and oversaw the first couple of years of its implementation;
2) Yoram HaCohen
- Head of the Justice, Information, Technology Authority;
- Registrar of Databases in the Ministry of Justice;
- Registrar of Certifying Authorities" pursuant to the Electronic Signature Act (2001).
3) Amit Ashkenazi
- Legal Counsel of the Justice, Information, Technology Authority;
- Registrar of Certifying Authorities" pursuant to the Electronic Signature Act (2001).
Of particular concern is in this context is the nature of ComSign, LTD, and its conduct as sole certifying authority for the State of Israel.

The ComSign Certification Practice Statement opens with the following: [11]
1.1.1. ComSign’s electronic certificate issuing services have been created to
support secured E-commerce and additional electronic services to
provide a solution to the technical, business and personal needs of
electronic signature technology users. ComSign is registered as a CA at
the CA registrar as defined by the Law[Electronic Signature Act (2001)of the
State of Israel - jz]and is acting as a reliable third party that issues,
manages, and revokes electronic certificates according to these procedures.
The English web site of Comsign states under "Solutions", "Electronic Signatures": [11]
Electronic signatures
In the last decade, the ability to transfer data electronically has developed enormously. One of the key problems in developing transfer technology is authenticating the web surfer - the identity of the specific person who has performed an action on the internet cannot be known. This inability to identify prevents innumerable entities from providing services via information transfer technology and thus many procedures are still "stuck", cumbersome and bureaucratic.
Electronic signatures have existed for many years already, and in 2001 the Knesset even passed the Electronic Signature Law, which reduced the gap between the authorities from the legal aspect and the existing technology.
An electronic signature is an encrypted file attached to a message or document which allows identifying its sender and guarantees that the original content of the message or document has not been changed since being signed, and if it has been changed, the reader will receive a warning that the document is not complete compared to the original document that was signed.
Digital signatures are based on methodical theory and by using complex algorhythms they prevent break-ins and/or changes to a document without the knowledge of the document signatory/reader.
How can we recognize a digitally signed file/message?
One must ensure that the [] sign appears, which confirms that the message was signed electronically.
However, the space, designated for the image of the "sign", was left blank.  Review of thousands of judicial records and other legal public records of the State of Israel failed to discover a single visible certified digital signature.

The English web site of Comsign state, under "Solutions", "SSL": [11]
SSL
Secure Sockets Layer (SSL)
is a method of encrypting and protecting secure web pages. Secure pages are those where the communication between them and the browser is encrypted and the identity of the company or person representing the pages can be clarified.
When a web surfer reaches a secure page, the lock symbol ( [] ) appears at the top and bottom of the browser, and sometimes it even makes a locking sound.
These indicate to the web surfer that the page is secure. Double-licking the lock symbol while visiting a secure page will display the identity of the company that owns the secure pages. (When clicking on the lock, it is recommended to check the name of the company responsible for the encryption and not be tempted to give your details to just any ephemeral company which has fabricated an opportunity for themselves).
In this case, the symbol of SSL is shown. However, review of the web pages of ComSign itself, of the courts of the State of Israel, and other Israeli government web pages failed to discover any web page showing the SSL sign.

Some light is shed on this case in correspondence from 2003-2012 between ComSign, LTD, COO, and Mozilla, the non profit browser maker, asking to have ComSign added to the Mozillas root CA store: [11]
Comment 1Gervase Markham [:gerv] 2007-06-01 08:29:49 PDT
- Do you offer OCSP service? 
- Can you confirm you are, as you say, planning to issue EV
certificates
(http://www.cabforum.org)?
- Please also tell us how you comply with sections 8, 9 and 10 of our CA policy: http://www.mozilla.org/projects/security/certs/policy/ (the sections relating to audits). You say you are audited by the Israeli Ministry of Justice, but we would need to know to which of our accepted standards the audit was conducted, and to have published evidence of the occurrence of the audit. (The Verisign affiliation and the fact that you are in the Microsoft store are not relevant to this question.)
Thanks,
Gerv
Comment 2Gervase Markham [:gerv] 2007-06-27 08:04:02 PDT 
Mr Harei: Are you able to answer my questions? If not, the bug
will be closed.
Gerv
Comment 3Ran Harel 2007-06-27 08:09:37 PDT 
Hi Gerv, sorry for the delay
1. We do not currently offer OCSP service.
2. We are not currently planning on issuing EV certificates.
3. Since all audits were/are conducted for the Israeli Ministry of Justice, they are in Hebrew, and so we are in the process of translating and notarizing them for this purpose. If there is any other way to get this approval please tell me.
Thank you,
Ran
Comment 4Gervase Markham [:gerv] 2007-06-27 08:41:09 PDT 
Ran,
It may well be useful to have your audit documents translated - but the key questions are: - Who did the audit?
- To what standard (e.g. WebTrust, ETSI) was the audit done?
Are you able to answer these two questions?
Gerv
Comment 5 Gervase Markham [:gerv] 2007-08-15 08:08:47 PDT 
Resolving INCOMPLETE due to lack of input from reporter.

Gerv As of this date, ComSign is still listed on the Pending Requests List, although on April 8, 2012, the accountants office Sharoni, Shefler et al (CPAs) issued an audit statement. [11]  In contrast, Comsign does appear on the approved list of IBM and Microsoft corporations. [11]
It should also be noted, that when trying to open the root certificates of ComSign, Microsoft Windows issues a security warning: "Unknown Publisher".

The experience gained in Israel, relative to implementation of the Electronic Signature Act (2001) and the new electronic records systems of the courts, demonstrates:
  • The Executive had no intention of complying with the Electronic Signature Act (2001);
  • The Judiciary were intimately involved in the conduct related to undermining the integrity of court record in the State of Israel;
  • The Legislative is not ready, willing, able to exert oversight - individuals fraudulently appeared and filed annual reports with the Knesset as "Registrars of Certifying Authorities", pursuant to the Act.
"Given the involvement in recent years of senior officers of all three branches of government in undermining the integrity of the justice system of the State of Israel, the only conceivable solution is in the establishment of a Truth and Reconciliation Commission," says Joseph Zernik, PhD, of Human Rights Alert.

Events that have taken place in Israel over the past decade also demonstrate that the biggest hacking risk to government data systems is from 'inside jobs' by government officials, and that no government should be trusted with constructing such systems, absent adequate transparency and public oversight. 

The electronic record systems of the courts in the United States were compromised a couple of decades earlier. Today, fraud in the electronic record systems of the many of the states (SUSTAIN) and the federal (PACER, CM/ECF) courts is rampant. [12]
Corruption of the courts in the United States is most notably seen in abuse of Human Rights and failing banking regulation. [13]

Conditions that have been established in the State of Israel pose similar risks to Human Rights and banking regulation in the State of Israel.  Israeli computing and encryption experts, some of the best in the world, should hold a particular civic duty in the safeguard of Human Rights and banking regulation in the State of Israel in the digital era.
LINKS:
[1] 
12-06-27 Freedom of Information Request on the Ministry of Justice in re: Certified Digital Signatures of Officers of the Ministry of Justice s
http://www.scribd.com/doc/98529841/
[2] 12-07-06 Request filed with ComSign, LTD, for sample certified electronic signatures of the State of Israel s
http://www.scribd.com/doc/99331565/
[3] 12-06-04 Human Right Alert's Appendix to Submission; 15th UPR Working Group Session (Jan-Feb 2013) - State of Israel: Integrity, or lack thereof, of the electronic record systems of the courts of the State of Israel
http://www.scribd.com/doc/82927700/
[4] 12-06-25 PRESS RELEASE: Hijacking of the Digital Seal of the State of Israel
http://www.scribd.com/doc/98120110/
[5] 
10-00-00 State of Israel - Ombudsman's Report 60b, Ministry of Justice Computerization (2010) p 693 Et Seq
http :// www.scribd.com/doc/50624862/
[6] 04-11-25 Takanot Batey Hamishpat - Mazkirut (2004) // Regulations of the Courts - Offices of the Clerks (2004) (Heb + Eng)
http://www.scribd.com/doc/48770720/
[7] 11-12-19 Simulated Records, Simulated Litigation Enabled by the Electronic Record Systems of the Supreme Court of the State of Israel (English) s
http://www.scribd.com/doc/73239491/
[8] 
12-04-16 PRESS RELEASE: Criminal Fraud Complaint Against SARAH LIFSCHITZ, Chief Clerk of the Supreme Court of the State of Israel, Filed Today With Israel Policehttp ://www.scribd.com/doc/89681591/
[9] 12-04-10 The Judge Alsheikh Affair – “Reconstructed Transcript” in the Tel-Aviv District Court _ Globe
http :// www.scribd.com/doc/90686541/
[10] 11-02-08 Dana Weiler: Court issues ruling, with quotes, from a nonexistent hearing - Haaretz
http://www.scribd.com/doc/48769638/ 
[11] 12-07-06 ComSign, LTD - sole certifying authority of electronic signatures for the State of Israel - compilation of corporate records
http://www.scribd.com/doc/99350885[12] 11-07-06 Request filed by Windsor and Zernik with US Attorney General Eric Holder for Review of Integrity of Public Access and Case Management Systems of the US Courts
http://www.scribd.com/doc/59480718/ 
[13] 12-06-08 Courts and Judges as racketeering enterprises under RICO (the Racketeer Influenced and Corrupt Organizations Act) - key element in the current financial
http://www.scribd.com/doc/96504009/
[14] 12-07-06 List of Justice Ministers of the State of Israel 2001-2012 _ Wikipedia
http://www.scribd.com/doc/99346540/

No comments: