Security and Authentication in Electronic Filing Systems: Arkansas Subcommittee Report
"Explore the subcommittee report on security and authentication in electronic filing systems for campaign and finance reports in Arkansas. Learn about user authentication, risks, mitigation strategies, and approaches used in other states. Discover the filing processes in both paper and electronic formats, including the role of notaries in paper filing and different types of electronic keys for authentication."
Electronic Filing Systems for Campaign and Finance Reports. Subcommittee Report on Security and Authentication in Filing Systems. Information Network of Arkansas: Bob Sanders, General Manager; Karl Hills, Director of Technology; Blain Purtle, Security Analyst.
Topics: How user authentication works; Risks and mitigation strategies; Approaches in other states.
The Filing Process: Paper. Notaries provide user validation in paper filing.
The Filing Process: Electronic. Types of keys: login & password; two-factor authentication; PIN code; digital certificate / PKI.
The Filing Process: Electronic. The key: grants access; is uniquely tied to the filer; logs access and actions taken.
The Filing Process: Electronic. User validation is critical: notary or in-person issuance; mailed form; wet signature.
The Filing Process: Electronic. IP Address: 170.94.194.130. Browser signature:
The Filing Process: Electronic. Email notice / receipt.
The Arkansas Electronic Records and Signatures Act (Act 718 of 1999). "Electronic signature" means an electronic or digital method executed or adopted by a party with the intent to be bound by or to authenticate a record, which is unique to the person using it, is capable of verification, is under the sole control of the person using it, and is linked to data in such a manner that if the data are changed the electronic signature is invalidated.
Risks & Strategies (slide table with columns Risk and Mitigation Strategy; entries listed in the order they appear in the transcript):
Bad actor impersonates a filer at issuance
State is the gate keeper
Notary or in-person issuance
End-to-end encryption
Password complexity
Rotation schedule
Two-factor (SMS, other)
Key is lost/stolen/compromised
Already a risk with paper systems
Notification to filer for any change
Electronic forensics to aid investigation
Immutable logs
System is compromised; polluted with fraudulent data
State is the gate keeper
Re-validate when changing notification or address settings.
Notification settings are changed or disabled.
Approaches in Other States. Michigan: Signature form. Follows Federal rules. Tennessee: Signature form. Rhode Island: System generates paper filing which is then submitted with electronic filing. Indiana: Signature form. South Carolina: Signature and SSN required. 98,000 filings over 9 years. No reports of fraud.