CM(2003)98 Addendum 1 13 August 2003
851 Meeting, 9 September 2003
10 Legal questions
10.1 European Committee on legal co-operation (CDCJ)
b. Draft Recommendation Rec(2003)… of the Committee of Ministers to member states on interoperability of information systems in the justice sector and its Explanatory Memorandum
Draft Recommendation Rec(2003)…
of the Committee of Ministers to member states
on the interoperability of information systems in the justice sector
(adopted by the Committee of Ministers on …,
at the … meeting of the Ministers' Deputies)
The Committee of Ministers, under the terms of Article 15.b of the Statute of the Council of Europe,
Considering that the aim of the Council of Europe is to achieve greater unity among its members;
Determined to improve the quality of public service to citizens and businesses in the justice sector;
Affirming that an efficient justice system is essential to consolidate democracy and strengthen the rule of law, as it will increase public trust and confidence in the state authority, in particular its ability to fight against crime and solve legal conflicts;
Recognising that information technology has become indispensable for efficient functioning of the justice system, especially in the light of the increasing workload of the courts and other justice sector organisations;
Recognising that efficient functioning of the justice sector in the information age requires legal recognition and wide use of electronic data exchanges between different organisations;
Bearing in mind that constitutional, legal and administrative requirements and traditions entail the existence of a large diversity of information systems in the justice sectors of member states;
Aware of the growing complexity of information systems in the justice sector;
Realising that efficient and secure electronic data exchanges among different justice sector organisations in these conditions require interoperability of their information systems;
Recognising the potential of interoperability for facilitating transborder legal co-operation to meet the increasing practical need for closer co-operation between countries in the justice sector;
Aware of the various interoperability problems of information systems in the justice sector resulting from administrative, management and technical deficiencies;
Recognising the need to improve the interoperability of information systems in the justice sector by applying interoperable document and communication standards and integrated approaches to information technology projects;
Recognising that the introduction of interoperability in the justice sector requires also appropriate changes to the relevant law and work processes and adequate training of personnel;
Bearing in mind that interoperability solutions for the justice sector should be adapted to the specific requirements of member states;
Recognising the existence of varying interoperability needs of member states resulting from their differences regarding the development of information technology in the justice sector;
Recalling that changes in the work processes of justice sector organisations introduced by the interoperability should in no way affect the constitutional guarantees of the independence of the judiciary in the process of the administration of justice;
Aware that data processing in the conditions of interoperability presents both advantages and risks with regard to information security and protection of privacy in the justice sector;
Having regard to Recommendation Rec(2001)2 concerning the design and redesign of court systems and legal information systems in a cost-effective manner, Recommendation Rec(2001)3 on the delivery of court and other legal services to the citizen through the use of new technologies and Recommendation Rec(2002)2 on access to official documents,
Recommends that governments of member states:
1. implement the principles and guidelines set out in this recommendation in their domestic law and practice;
2. bring these principles and guidelines to the attention of persons and institutions responsible for information technology and interoperability in the justice sector.
I. General provisions
For the purposes of this recommendation:
– “justice sector organisations” shall comprise the courts, prosecution and other public and private institutions, such as the police, penitentiary systems, public registers, civil status authorities, lawyers, notaries as well as other public and private stakeholders that exchange data and information in the process of the administration of justice;
– “information systems” shall mean information technology systems used by justice sector organisations for electronic data processing, storage and exchange, such as case (workflow) management systems and databases;
– “interoperability” shall mean efficient and secure data and information exchanges among the information systems of justice sector organisations.
The objective of this recommendation is to facilitate the interoperability of information systems by laying down principles and guidelines for member states concerning steps and measures to be taken at the level of information technology policy, process design and technical architecture of data and information in the justice sector.
II. Policy issues
3. Interoperability strategy
3.1. Member states should ensure that information technology projects launched in the justice sector take into account the need to ensure interoperability of information systems among various justice sector organisations.
3.2 An information technology strategy for the justice sector should take into account inter alia the following:
– stage-by-stage computerisation of the justice system;
– the establishment of communications infrastructure, including e-mail facilities;
– the development of an integration strategy to allow for system-to-system communication;
– the harmonisation of information to the extent needed;
– the establishment of an integrated system for data collection and statistical analysis;
– the introduction of a common management information system;
– the establishment of common internal information registers;
– the development of standard software for databases.
3.3. Information technology projects in the justice sector should, therefore, be implemented in the framework of co-ordinated programmes allowing for consistent actions to be taken in various interconnected fields and among different stakeholders, thus assuring the appropriate co-ordination and financing.
3.4. The introduction of interoperability in the justice sector should be based on cost-efficiency considerations. The required level of interoperability in each particular case should be determined with due regard to the costs involved and expected benefits.
4. Non-technical security and personal data protection
4.1. Member states should implement interoperability of information systems in the justice sector, taking full account of the need to ensure the security of information and personal data protection as required by applicable international standards and national law.
4.2. Member states should take measures to determine the roles and responsibilities of personnel of justice sector organisations regarding the use of information technology applications. Justice sector organisations should ensure, in particular, that they inform their personnel of the relevant legislation and regulations which apply to the way information and data are handled within the justice sector.
4.3. Member states should provide for the establishment of audit or control points at relevant positions in the automated information and document flows inside and among the justice sector organisations.
5. Human resources
5.1. In the introduction of information technology, justice sector organisations should deploy the necessary human resources to make sound judgements on the proposed systems and services.
5.2. Justice sector organisations should be provided with qualified personnel in charge of their information systems to ensure the respect of integrity, availability, storage and identification of electronic documents and data processed by the organisation concerned.
5.3. Member states should take measures to promote the training of lawyers and other personnel of justice sector organisations in matters related to the application of information technology. Incentives for the personnel of justice sector organisations should be created to encourage them to use information technology applications in their daily work.
6. Interoperability between the public and the private sectors
6.1. Member states should promote methods of electronic exchanges between public justice sector information systems and those of private justice sector organisations such as lawyers and other stakeholders. Such data exchanges may only be carried out in accordance with international and national law.
6.2. Member states should, at the same time, consider and implement appropriate precautions to ensure information security and personal data protection. Systems of accountability should be established in order to be able to control how information subject to special protection is handled.
III. Redefining the process design
7. Changes to work processes
7.1. To obtain maximum benefits from the introduction of information technology, member states should link the introduction of modern information technology in the justice sector to organisational changes to work processes of justice sector organisations.
7.2. Member states should have an open-minded approach to modernising laws and regulations where they constrain the use of opportunities made available by the new information technologies and, in particular, interoperability.
7.3. Introduction of interoperability in the justice sector should, however, be a controlled process. Member states should ensure that justice sector organisations identify, document and describe their work processes and monitor and control the changes introduced by interoperability.
8. Interorganisational process chains
8.1. Member states should apply interoperability solutions to all relevant fields where the interinstitutional co-operation of individual justice sector organisations is vital, such as criminal and civil justice systems.
8.2. Case management systems of justice sector organisations should, in particular, be prepared for delivering and receiving information from other external case management systems and providing support in the decision-making process by enabling access to a complete range of relevant databases.
8.3. Member states should facilitate the interoperability of various databases by introducing such unifying measures as unique identification codes and uniform data definitions.
IV. Technical and information architecture
9. Document and communication standards
9.1. Member states should adopt an integrated approach to the introduction of document and communications standards in the justice sector to enable data to be assembled in an agreed and structured way.
9.2. Interoperability can nevertheless be achieved by using more than one data standard since the adoption of a single standard may not be always possible. In this respect, member states should follow the development of the leading market de facto standards rather than attempt to create distinct standards for the justice sector.
9.3. In particular, member states should pay attention to the development of mark-up languages as promising emerging document and communication standards in the justice sector.
10. Technical security
10.1. Justice sector organisations should establish procedures to monitor and control potential exposure to risks arising from the misuse or failure of their information systems. These procedures should include security guidelines ensuring control of access to the various levels of their information systems.
10.2. Member states should, where appropriate, promote the application of cryptography in the justice sector to address some of the risks inherent in the digital media to secure electronic communications between various justice sector organisations.
10.3. Member states should also widely implement Public Key Infrastructure with respect to the justice sector organisations to ensure message integrity and non-repudiation as well as confidentiality through the ability to authenticate the recipient or sender of the message and verify electronic signatures with electronic certificates issued by trusted intermediaries.
1. Information technology can provide an important contribution to achieving better quality public services for citizens and businesses. Providing public services through the use of new information technology is, therefore, an important challenge currently faced by European States. Justice sector organisations, such as courts and public registers, are no exception to this global trend towards the information society.
2. Efficient functioning in the information age requires the interconnection of the various organisations involved in case processing in the justice sector. The information systems, such as case management systems and databases, of justice sector organisations should be able to exchange data and information in an efficient and secure manner.
3. The interconnection of information systems is, however, impeded by the large diversity of organisations and, accordingly, of information systems in the justice sector due to the different constitutional, legal and administrative arrangements and traditions of member states, in particular, the principle of separation of powers and independence of the judiciary. The information systems of justice sector organisations are not fully and generally integrated and are likely to remain that way in the future.
4. Interoperability of information systems is, therefore, required to ensure efficient and secure data and information exchanges among the different players in the justice sector. Interoperability is a key prerequisite for efficient co-operation among the various organisations in the justice sector and for delivering court and other public services to citizens and businesses by means of new information technology.
5. Interoperability of information systems can provide benefits in all principal areas of the justice sector, leading to increased quality of service for citizens and businesses. In particular, interoperability could help achieve higher cost-efficiency, rapidity and security of data exchanges. It would also help provide guidelines for the further reform of the justice sector, as it will enable the monitoring of the workflow and the preparation of statistical reports and analyses. In the international context, interoperability is important for trans-border electronic data exchanges to facilitate international judicial co-operation.
6. For these reasons, the Committee of Ministers of the Council of Europe instructed the Committee of Experts on Information Technology and Law (CJ-IT) to conduct, in 2001 and 2002, an activity on the interoperability of information systems in the justice sector. In the implementation of this activity, the CJ-IT was assisted by the Working party on the Interoperability of systems between justice organisations
(CJ-IT GT XIII). The tasks of the CJ-IT GT XIII were to study, on the basis of experiences and projects envisaged in the member states, the legal issues raised by the interconnection of information systems of various players in the justice sector from administrative, constitutional, organisational, procedural and privacy protection aspects.
7. The CJ-IT GT XIII held two meetings, on 9 – 10 May 2001 and on 31 January – 1 February 2002. The preliminary draft of the present Recommendation was examined during the 25th CJ-IT plenary meeting on 23 – 25 October 2001. The draft Recommendation and its draft Explanatory Memorandum were finalised by the Committee of Experts on Efficiency of Justice (CJ-EJ) during its 5th plenary meeting on
13-15 November 2002 and approved by the European Committee on Legal Co-operation (CDCJ) during its 78th meeting on 20 – 23 May 2003.
8. The issue of interoperability of information systems in the justice sector was also the subject of the 15th Colloquy on Information Technology and Law in Europe, organised by the Council of Europe in co-operation with the Swiss Federal Office of Justice on 3-5 April 2002 in Macolin (Switzerland), which provided significant input to the preparation of this Recommendation.
9. The Council of Europe has already for a long time promoted the application of the new information technology to increase the efficiency of justice. The present Recommendation should, therefore, be viewed in conjunction with the earlier adopted instruments. In particular, reference should be made to Recommendation No. R(2001)2 of 28 February 2001 concerning the design and re-design of court systems and legal information systems in a cost effective manner which could be considered a forerunner of the present Recommendation.
10. Note should also be taken of Recommendation No. R(2001)3 of 28 February 2001 on the delivery of court and other legal services to the citizen through the use of new technologies. This Recommendation is relevant as it provides guidelines on services delivered by the justice sector to the outside world that will frequently depend on the interoperability of information systems of different justice sector organisations.
11. Recommendation No. R(2002)2 on access to official documents is relevant in the field of interoperability as it lays down the principles of access to official documents applicable also to electronic documents.
12. In 2001, the CJ-IT also carried out a comparative study on the situation in member states concerning the use and legal validity of electronic documents in the justice sector, especially in the light of introducing the new legislation on electronic signatures. This work resulted in the Report on the use of electronic documents in the justice sector (October 2001) that outlines general tendencies and presents national experiences in member states. This Report provided important background material for the present Recommendation, especially in matters concerning access to public justice sector information systems.
Structure of the Recommendation
13. The Recommendation contains a Preamble with several introductory clauses explaining the background of the Recommendation and making reference to the previous relevant work in this field. The substantive provisions of the Recommendation are divided into four chapters:
- Chapter I – General provisions (principles 1-2);
- Chapter II – Policy issues (principles 3-6);
- Chapter III – Changes in the process design (principles 7-8);
- Chapter IV – Technical architecture (principles 9-10).
14. The Preamble of the Recommendation recognises that modern information technology strongly contributes to a more efficient functioning of the justice sector and providing a better quality service to citizens and businesses. Information technology would ensure a higher level of transparency, accuracy and rapidity in the functioning of the justice sector thus increasing public trust and confidence which is essential to consolidate democracy.
15. Nevertheless, the interoperability problems, experienced by justice sector organisations, obstruct the benefits from the introduction of information technology. In addition, they endanger data security and personal data protection. These interoperability problems are due to both objective reasons such as diversity and independent status of different justice sector organisations but they are also caused by administrative, management and technical drawbacks that should be targeted by the Recommendation.
Chapter I – General provisions
Principle 1 – Definitions
16. This Recommendation deals with interoperability in the justice sector. The “justice sector” within the meaning of the Recommendation is given a broad interpretation covering not only various public organisations such as courts and the police, but also different private entities such as bar associations and other stakeholders such as individual lawyers whose information systems interface and where the interoperability is of strong relevance for efficient administration of justice.
17. This Recommendation is primarily aimed at interoperability at a national level although States may make use of the principles contained in it when concluding bilateral and/or multilateral agreements in this field.
18. Most of the principles and guidelines of the Recommendation, therefore, apply equally to both public and private justice sector organisations. However, certain provisions of the Recommendation, such as Principle 6 “Interoperability with the private sector”, by their nature and content, may be aimed only at public justice sector organisations.
19. Furthermore, the CJ-IT experts concluded that many principles and guidelines of interoperability, discussed in this Recommendation, were valid also for other sectors of public administration, as the methodology for achieving interoperability is, in fact, quite similar.
20. For describing interoperability, this Recommendation uses the term “information systems”. The earlier instruments1 adopted by the Council of Europe in the field of information technology and law made use of terms such as “court systems” and “legal information systems” in order to draw a distinction between case (workflow) management systems and information databases such as public registers. When discussing the present Recommendation, the CJ-IT experts acknowledged that maintaining this division was not useful as interoperability of case management systems and that of databases was equally important. This Recommendation, therefore, uses a general term “information systems” to describe all combinations of hardware, software and communication and storage media used for data processing, storage and exchange in the justice sector. Nevertheless, certain provisions of the Recommendation, such as Principle 8 “Inter-organisational process chains”, contain express references to either case management systems or databases (registers).
21. Finally, the Recommendation defines “interoperability” as efficient and secure data and information exchange among various justice sector organisations. Experts of the CJ-IT concluded that the term “interoperability” did not lend itself, however, to a fixed definition because its meaning and contents vary significantly in different member states depending on the overall development of information technology in the justice sector and particular needs of individual states as determined by relevant constitutional, legal and administrative requirements and traditions. These different levels of interoperability can include basic computerisation allowing for information to be exchanged on diskettes or CD-ROMs, electronic mail (e-mail) facilities, exchanging e-mail attachments and, finally, system-to-system communication and replication of data.
22. The concept of interoperability is also a broad one because of the vast range of forms and procedures of data exchanges and communications between various information systems. The communication may involve either transmitting or receiving documents, images or other forms of communication such as voice mail or video. These various kinds of messages may include text, numeric, graphic, voice or video files or any combination of them, which require the ability to handle (i.e. receive and transmit) a wide range of message types.
23. Electronic exchange of information is conducted through different communication media that differ according to the level of security. These media include internal networks set up and managed by an organisation for its own use, or it may be a network operated by specialised organisations providing communication facilities specifically for the transmission of documents, images and standardised electronic messages. Some of the present media standards are public networks such as the Internet or a virtual private network (VPN) running on the Internet, which have the advantage of low cost, access to a large audience and ease of transmitting documents. Local area networks (LAN) or Wide area networks (WAN) offer the benefit of security, higher bandwidth and better operational predictability but at a higher cost.
Principle 2 – Objective
24. The objective of this Recommendation is to “facilitate interoperability by laying down principles and guidelines for member states concerning steps and measures to be taken at the level of information technology policy, process design and technical architecture”. This three-fold approach to the issue of interoperability reflects the opinion of the CJ-IT experts who considered that implementing interoperability in the justice sector required measures at the level of government policy, appropriate changes in the working methods of justice sector organisations and upgrading of the technical infrastructure.
25. It was concluded that e-Government or similar national projects, under way or envisaged in member states, should take into account the particular needs of the justice sector. As to the working procedures in the justice sector, they should be adjusted to the new requirements and opportunities offered by the information technology, in particular in those aspects concerning inter-organisational process chains, made possible by the interoperability of information systems.
26. Lastly, the key issue of interoperability is, of course, information technology, in particular, data and document standards and communication procedures. In this regard, the CJ-IT experts decided that the Recommendation should place particular emphasis on the development of mark-up languages which are widely perceived as a promising emerging tool for automation and interoperability in the justice sector.
Chapter II – Policy issues
Principle 3 – Interoperability strategy
27. The Recommendation calls for adequate measures to be taken with respect to the particular needs of the justice sector inter alia in the framework of e-government and other information technology strategies currently undertaken or envisaged in the member states. Information technology projects in the justice sector should take into particular account the development of information exchange between the separate sub-systems of the justice sector with a view to achieving interoperability among various information systems. The Recommendation provides a list of principal elements of an interoperability strategy.
28. Introducing interoperability may be a gradual process but specific solutions and sequences of action will significantly depend on the situation in a particular member state. Certain states have opted, for example, to avoid the use of ordinary e-mail facilities as an interoperability tool in the justice sector choosing instead system-to-system communication of secure and structured data without going through the intermediate steps.
29. There is a large variety of justice sector organisations and introduction of interoperability will be more complicated in areas where this fragmentation is greater such as the criminal justice chain because of the different police forces, for example. It is crucial that all the concerned stakeholders be involved in establishing interoperability. Information technology projects in different fields of the justice sector should, therefore, be co-ordinated under programmes across several areas that will enable prioritisation and financing. Such programmes would require political commitment and high-level sponsorship.
30. Interoperability projects in the justice sector should take into account, in particular, the cost-effectiveness considerations as various information systems have been introduced in different periods and costs for achieving their interoperability will vary considerably. Evaluation should be made of whether expected benefits from interoperability are commensurate with the necessary investment. Achieving 100% interoperability is not an end in itself; it is better to see what level of interoperability delivers the most benefits. A more basic interoperability solution could be sufficient for the general public whereas more sophisticated structures would have to be established for professional users.
Principle 4 – Non-technical security and personal data protection
31. Interoperability can deliver higher levels of transparency and access to information in the justice sector for public and private organisations and citizens. The interoperability solutions should, nevertheless, take into account the potential risks with regard to information security and protection of privacy, which require adequate organisational and security measures. States are therefore invited to take full account of the need to ensure the security of information and personal data protection.
32. In this respect, the Recommendation refers to relevant international and national law on personal data protection that should be taken into account in establishing interoperability. The Council of Europe has adopted an extensive set of instruments on personal data protection, the most significant being the Convention for the protection of individuals with regard to automatic processing of personal data (ETS No. 108) of 28 January 1981. Interoperability should in no way jeopardise personal data protection safeguards, enshrined in these instruments, such as lawfulness of personal data processing, access and dissemination.
33. The second issue closely related to personal data protection is security. In conditions of increasing interconnectivity and reliance, security is critical to ensure that justice sector organisations can trust their own systems, and those of other organisations, to deal with security threats and ensure the continuation of the operation.
34. Justice sector organisations should consider the non-technical aspects of security, which include the roles, responsibilities and behaviour of personnel. A chain of accountability should, therefore, be established and responsibility assigned for activities involving interoperability at all levels. These measures would facilitate a pattern of supervision and control.
35. The circulation of data and information in the conditions of interoperability should be, in addition, auditable i.e. it should be possible to ascertain the fact of transmission and receipt of a particular piece of information. Audit or control points should be set at appropriate positions in the information and document flows of justice sector organisations to enable tracking of how particular information has been handled. These audit points may be where particular activities are taking place or where a transfer occurs of documents or information, or both, from one organisation to another. The information to be gathered and checked for this purpose may include:
- the process being audited;
- documents and information being processed;
- the date and time when information or documents pass through the audit point;
- the person responsible for performing the work;
- any relevant comments;
- transmission and receipt logs.
36. It should be possible to provide audit trails for all information and documents. For certain sensitive information even the knowledge of the fact of transmission or receipt may present a security threat. It is recommended, therefore, that audit trails be kept in a secure manner. The audit trails should be available for inspection by authorised internal and external personnel and made in such a way as to be easily followed by the auditors who may not have any experience in the applied technologies.
Principle 5 – Human resources
37. This provision of the Recommendation covers two principal issues – personnel responsible for information technology and information technology training for lawyers and other practitioners in the justice sector.
38. Public justice sector organisations, like the rest of the public administration, are facing competition from the private sector as regards qualified information technology personnel. Recourse is, therefore, often made to subcontracting private companies for implementing information technology projects in the public justice sector. This Recommendation does not attempt to analyse the various advantages and disadvantages of in-house or out-sourced information technology development2 in the justice sector. It underlines, however, that justice sector organisations should dispose of an IT personnel to be capable of making a sound judgement on the quality of information technology systems and services to be deployed as well as to guarantee a smooth functioning of their information systems.
39. Training of users is required to ensure efficient use of the new possibilities opened by information technology in the justice sector. It would not be wrong to say that for several years a common practice of exchanging electronic documents in the justice sector has been to print them on paper, fax them to the recipient, and retype them at the other end. The Recommendation, therefore, calls for adequate training programmes and other incentives that would facilitate wider use of information technology in the daily work of the justice sector. The training should be carried out by the use of the most efficient contemporary means such as e-learning and interactive training courses.
Principle 6 – Interoperability between the public and the private sectors
40. The public justice sector information systems have to interface with various entities of the private sector such as lawyers and notaries and other stakeholders. This necessity is becoming even more important as in several member states the organisations representing the legal professions are currently developing private networks allowing communication between members of the same profession.
41. In this regard, the Recommendation advises basing the sharing of the public justice sector information with private organisations on the consideration of functionality. CJ-IT experts emphasized that the objective of the Recommendation should be furthering transparency in the public justice sector and the restrictions of access should be minimised to those strictly necessary. Publicly available information should be shared freely by facilitating external access to the relevant information systems of public justice sector organisations. Moreover, interfaces between networks of private organisations and public justice sector Intranets should be established to permit electronic communication with the courts and other public justice sector organisations3.
42. Exchanges should, nevertheless, be controlled in case of data or information subject to special protection such as personal data. The principal question raised in this respect is what requirements in the field of protection of privacy and security should be put forward to the information networks of these outside organisations if interoperability leading to exchanges and sharing of data is to be established. In addition, it should be considered to what extent the State could control how the information obtained from public sector networks is handled by the private sector entities.
43. The Recommendation calls for appropriate precautions with regard to the processing of data and information subject to special protection. Each private network of the public justice sector organisations should be sealed off from the others, and data exchanges should be confined to those strictly necessary for a pre-defined purpose (Extranet procedure). It may be provided that external parties can access courts' information systems only after certification of their professional status, through controlled points of access. The intermediary of professional associations of lawyers and notaries could be used to this end. In addition, the relevant personal data protection legislation and regulations issued by the personal data protection supervisory authorities should be respected.
Chapter III – Redefining the process design
Principle 7 – Changes to work processes
44. Interoperability should be closely linked to reforms in the justice sector. Applying new technologies within the old administrative mechanisms and schemes would not bring about the expected benefits. Although many member states invest significant financial resources in the computerisation of the justice sector, these efforts often do not achieve the expected results because the modern information technology continues to be used in an old-fashioned way. As a result, most proceedings in the justice sector still remain paper-based.
45. The Recommendation suggests that work processes of the justice sector organisations should be reviewed and studied to determine if and how benefits are to be gained by applying interoperability. This review should include amendments to the relevant laws and regulations that are found to constrain the benefits from interoperability. In this respect, an important example is the legislation ensuring the legal validity of electronic documents in legal proceedings4.
46. The introduction of interoperability should, however, be a controlled process. Justice sector organisations should follow the changes introduced in their operating procedures thanks to interoperability. It should be possible to make a comparison between working practices in the conditions of interoperability and in the past. The measures to be taken in this regard include:
- identification, documentation and description of processes and procedures in the justice sector;
- monitoring and control of changes to standard procedures using the documented descriptions of work operations;
- recognition, understanding and control of data and information through their classification, structure and the way they are represented;
- selection of appropriate methods to collect, store and transmit data within an individual organisation and across its boundaries to, and from, its communication partners;
- evaluation of the information held by the organisation and taking appropriate measures to protect it;
implementing appropriate levels of security for managing the information.
Principle 8 – Inter-organisational process chains
47. The Recommendation calls for interoperability solutions in all areas of the justice sector where improved data and information exchanges would be beneficial to enhance co-operation among different organisations leading to higher efficiency and better quality service.
48. Several practical examples could be drawn about how the interoperability has helped rationalize and speed up the functioning of the justice sector. In the criminal justice chain, for example, interoperability helps assure the communication and data processing among police, prosecution, courts, penitentiary institutions and the penal register. In the civil justice chain, interoperability assures transmission of the case file along the procedures of appeal and revision up to the enforcement authorities. It would enable provision of evidence in electronic form and automatic execution of other court-related actions such as collection of court fees or inquiries on the social and employment situation. In the field of public registers, interoperability is indispensable for their interconnection enabling, for example, automatic update of data from a single information source.
49. Interoperability is, to a large extent, concerned with the case management systems of justice sector organisations. Case management systems significantly raise the efficiency of work procedures by eliminating a substantial part of the manual operations and the need to store documents on paper carriers. The case management systems in the justice sector become more important as many member states are presently introducing into their court systems electronic files created on the basis of scanned paper-based documents and original electronic documents.
50. In the courts system, case management systems should collect, process and analyse the information. They should contribute to the efficient running of the judicial process by ensuring that case file documents are duly produced, authorized and disseminated. Case management systems should also assure efficient scheduling of cases, judges and persons appearing before the courts and provide safe receipt, registration, storage and availability of all documents relating to the case file. Principal functions of case management systems should be the following:
- case initiation;
- case registration;
- case file maintenance, storage and retrieval;
- scheduling of cases, court panels, judges and other parties involved in the litigation;
- generation and distribution of standard and non-standard documents;
- calculation of costs;
- preparation of statistics;
- archiving of electronic documents and messages.
51. The diversity and incompatibility of case management systems in the justice sector is a major obstacle to interoperability. Case management systems should be prepared for delivering and receiving information from other information systems and external parties. They should also provide improved support in decision-making by enabling access to a complete range of relevant legal and case law databases and public registers.
52. In the field of databases such as public registers, interoperability may be greatly facilitated by introduction of a single identification code of legal entities. This code would be the key in all national registers, in both the public and private sectors, to identify companies, enterprises and organisations on which the information is provided. The unique identification of legal entities is a prerequisite for safe exchanges of information. In addition, a database of data definitions may be created. The data definitions may be used as a basis for the creation of forms for submitting information and for the purpose of finding duplicates in the reported information.
Chapter IV – Technical and information architecture
Principle 9 – Document and communication standards
53. The electronic transfer of information implies that two or more organisations are involved - one sending the data, the other receiving it. The data or information is transferred from one computer system to another, thereby eliminating the need to exchange information on paper, the need to re-key the information into the receiver's computer and possible re-keying errors. For the transmitted data to be of use to the receiver they must be in a form that can be understood. If many organisations are to work together in this way, there is an obvious need for standards. These should enable data to be assembled in an agreed and structured way within a transmitted message. The need for standards is especially important when exchanging electronic documents in a multi-lingual context.
54. Stringent standards exist for paper based-documents in the justice sector. For electronic documents the need for standardisation is even more important. Nevertheless, interoperability can be achieved also by using more than one standard since the adoption of a single standard may not be always possible. The Recommendation suggests, in this respect, using and following the development of the leading market de facto standards, rather than attempting to create special distinct standards for the justice sector. The role of the technical standards authorities in this regard is very important and should be closely monitored as they often provide the basis for future development of market de facto standards.
55. The importance of standards has been increasingly highlighted by the application of Intranet, Extranet and Internet technologies. The subsequent effect of these technologies has meant that a document produced by a justice sector organisation may be published internally on an Intranet, viewed externally on an Extranet, or published on an external web server to be viewed by the general public. While Intranets are implemented in a controlled environment, whereby an organisation can select a proprietary or an open standard, both Extranet and Internet applications are dependent on external environmental and social factors. These factors may include an external organisation's own standards and policies in the case of Extranet applications. When specifying Internet applications, user hardware and software standards need to be taken into account.
56. These technological developments raise a number of issues as organisational requirements and user needs differ depending on the type of application and the intended audience. Intranets of justice sector organisations can be used both as an information source, and as a means of accessing data that may have originated in a number of different document formats. Similarly, Extranet applications provide external organisations with an information source containing relevant documents and presentations. Relevant information is equally important for Internet applications, yet this tends to be more challenging due to the needs of a much wider audience.
57. Past efforts to improve document exchange in the justice sector are not encouraging. There have been certain achievements in introducing e-mail facilities and possibilities of transmitting documents in e-mail attachments. On the other hand, these harmonisation efforts have also led to adoption of formats that make documents difficult to reformat.
58. The Recommendation refers in general terms to the use of mark-up languages as a promising contemporary development for legal documents in the justice sector. In particular, several member states are presently recommending XML (Extensible Mark-up language) for use in the public justice sector. XML has been designed specifically for emerging technologies and in some respects is a large subset of SGML5 (Standard Generalized Mark-up language). XML is a language, which provides extensive capabilities for the exchange of data. The introduction of XML in the justice sector will help automate large amounts of electronic filing that would otherwise require human intervention. The introduction of the information technology in the justice sector has been a difficult process, therefore perhaps the greatest challenge of XML is teaching the legal industry to have hope again that information technology can provide significant efficiency.
59. XML is considered as very suitable for the exchange of legal documents in the justice sector since it enables separation of contents (data) of documents from their presentation features (metadata). In XML standard the document is a combination of data without formatting and style sheets providing formatting. Organisations can agree metadata descriptions and through XML they are able to work together effectively and efficiently. It has to be taken into account that the XML standard continues to evolve and is constantly enriched. This development is rapid and should be monitored.
60. For XML to be widely accepted into the justice sector, the CJ-IT experts stressed the need to elaborate common data definitions across different types of legal documents used in the justice sector or, at least, to keep such data definitions as simple and similar as possible. Ideally, XML should support the legal vocabulary and tools should be provided to enable creation of XML documents automatically or with minimum additional human intervention. The introduction of XML is not, however, free from risks for interoperability if XML documents are not created correctly. A certain degree of verification might, therefore, be needed at least in the initial stages of introducing XML in the justice sector.
61. In order to facilitate validation and interpretation of XML documents use should be made of enabling technologies that make it possible to test the validity of documents against pre-defined rules. These technologies should use ready-made software products, thus sparing the need to develop tailor-made code. Some present examples of such technologies are DTD6 (Document Type Definition) and the XML Schema7 Definition Language. DTD and Schema are documents (files), referenced by an XML document, which are usually published for use by all the organizations exchanging the specific type of XML document.
Principle 10 – Technical security
62. Organisations should not only trust their own systems. For inter-organisational communications and increased accessibility of each other's information there must also be trust in the security of each other's information systems. For trust to develop in an organisation's information system, it must be demonstrated to be secure. This mutual trust can be achieved, for example, through a guarantee that the organisation's information systems meet a recognised security standard that addresses its security needs.
63. Technical security for the purposes of this Recommendation comprises the following major elements:
- availability or technical accessibility;
- integrity or preservation of the contents and layout of the document and ensuring authorised modifications only;
- confidentiality or control of access rights;
- authenticity or assurance that a document has been created or modified by a particular person or entity;
- non-repudiation of transmission or receipt techniques;
- use of timestamp technologies to certify the existence of a document or message at a given date and time;
- use of archiving and retrieval techniques for permanent storage of electronic documents and messages to guarantee their accessibility and protection against forgery.
64. Interoperability solutions should be carefully evaluated to prevent negative effects on security. In particular, the working procedures of justice sector organisations should include user access controls to various levels of the system (e.g. manager, data input, retrieval). The accommodation and operating environment for information systems and for the storage, labelling, handling, transportation and maintenance of data storage media should be in accordance with suppliers' recommendations and/or relevant national or international standards. The central part of the system (including file servers, data storage etc.) should be installed in secure areas, with documented restricted access.
65. The Recommendation draws attention to encryption techniques that may be used to improve the security and integrity of transmitted and stored data. Applying cryptography to address some of the risks inherent in the digital media has been a major advance towards securing electronic communications. It is advisable to encrypt information subject to security or, in particular, personal data protection requirements.
66. In addition, Public Key cryptography is widely heralded as an enabling technology which amongst its other capabilities, such as message confidentiality and integrity, provides the ability to authenticate the recipient or addressee and verify electronic signatures with certificates issued by trusted intermediaries, such as certification authorities (CAs).
67. Electronic signatures permit the linking of message content to the certificate holder, thereby guaranteeing the integrity and non-repudiation of messages. Electronic signatures consist of data which, when appended to a data file, enable the user of the data file to authenticate its origin and integrity. The electronic signature data can be applied and checked by the application of public and private keys. The use of electronic signatures does not imply that the file itself has to be encrypted. In many cases the file will remain unencrypted; the electronic signature serves to demonstrate whether the file contents have been tampered with and whether the file was signed by the purported signatory. The introduction of electronic signatures in member states should follow the relevant international standards8 in this field.
68. The Recommendation, therefore, calls for widespread availability of an encompassing Public Key infrastructure (PKI) that should provide a basis for verifying diverse electronic documents and signatures in the justice sector. It should also enable certificate-based applications to authorise access to network resources for certificate holders through a security policy mapping process, and to validate the electronic signature on electronic documents.