Legal Requirements and Challenges for Long-Term Security Systems: Cryptography, IT-Security, Trust Services and Liability

Paul C. Johannes

Digital data durability is undermined by continual progress and change. Solutions must address issues such as storage media lifetime, disaster planning, advances in cryptanalysis or computational capabilities, and changes in software technology. A primary goal of a long-term archive service is to support the credible assertion, at points well into the future, of a claim that is currently asserted. A long-term archive service may support a range of applications, including wills, land records, medical data, criminal case files, personnel files, and contracts. As such, long-term archive services and their long-term security are often legal obligations.
Furthermore, in the face of rising numbers of cybersecurity breaches and threats, governments are taking a greater interest in protecting industry and customers and are setting out laws to increase cyber preparedness and security standards.
To introduce the topic, this talk will
· present examples of legal requirements for long-term archiving and long-term security,
· introduce relevant German and European legislation pertaining to cyber security, e.g. the Law on IT-Security and the General Data Protection Regulation (GDPR),
· expound on the European Regulation on electronic identification and trust services (eIDAS).