Question & AnswerQ&A (EXECUTIVE ORDER NO. 810)
Digital signature is defined as an electronic signature consisting of a transformation of an electronic document or data message using an asymmetric or public cryptosystem such that a person having the original electronic document and the signer's public key can determine if the transformation was created using the corresponding private key and whether the document has been altered after the signature was made.
The National Computer Center (NCC) under the Commission on Information and Communications Technology (CICT) is designated to operate the Root Certification Authority (CA).
The Root CA operates the Root CA system; issues and manages certificates to accredited government and private CAs; develops technical standards for digital signatures; ensures interoperability; provides technical expertise for assessment of CAs; supports international cooperation; and resolves disputes related to digital certificates.
DTI, through its Philippine Accreditation Office (PAO), acts as the accreditation and assessment body for Certification Authorities (CAs). It issues criteria for accreditation, accredits CAs, conducts regular assessments, suspends or revokes licenses for CAs failing to comply, and establishes advisory and other committees for policy formulation and efficient operations.
RAs identify and register users, transmit certificate requests to the Government CA, validate certificates and Certificate Revocation Lists (CRL), and process certificate revocation requests for their respective government agencies providing e-government services.
Priority government agencies and instrumentalities must comply within two years from the issuance of the Order, and other government agencies shall comply within three years.
Yes, the NCC as Root and Government CA is authorized to charge fees based on recovery of costs. Government agencies acting as RAs may also charge fees, but in some cases may assume the costs of digital certificates based on contractual arrangements with the Government CA.
Section 8 of Republic Act No. 8792 (Electronic Commerce Act of 2000) provides the legal recognition of electronic signatures and sets requirements for electronic signatures, including digital signatures, to be considered as legally equivalent to handwritten signatures.
Disputes related to accreditation of CAs, issuance and use of digital certificates, and related issues are to be resolved by the designated agencies operating the certification scheme, according to rules and regulations formulated specifically for dispute resolution.