Australian Fisheries Management Authority e-Logbooks

The Australian Fisheries Management Authority e-Logbooks initiative was designed to use Public Key Infrastructure (PKI) for electronic signature and confidentiality. The Australian Fisheries Management Authority (AFMA) developed a certification program for vendors, and currently one vendor (catchlog.com) has been certified. With some prompting from Tom Kagehiro (for which I am grateful) I contacted Dieter Bohm of catchlog.com. Dieter confirmed that AFMA is no longer depending on PKI for eSignature. Dieter told me "that didn't work". He noted that in its present state of maturity, PKI tends to authenticate a computer (the computer on which the private key is stored) and not a person. Also, he confirmed that private key storage within the browser is problematic. He told me that the direction catchlog.com finds promising is fingerprint readers. His company has demonstrated the technology to Australia and New Zealand and the reception to the demo was encouraging. Catchlog.com implementation is still under development and my impression was that these agencies have not committed to fingerprint technology at this time.

Note that the catchlog.com proposed design does not capture and transmit an image of a fingerprint, and would not, for example, allow matching of a skippers fingerprint against police fingerprint records. Instead, they have designed an algorithm that turns the input from the fingerprint reader into a verification number that is characteristic for a particular individual and consistent over time. The verification number is only reproducible with specific fingerprint reader technology and algorithms. Therefore there is a required eSignature registration process whereby a skipper is associated with a particular fingerprint verification number. Subsequently, whenever eLogbook data is "signed", the skipper must pass his fingers over the fingerprint reader, at which point the catchlog.com software will bind the verification number to the data.